1275-ru.translate.goog Open in urlscan Pro
2a00:1450:4001:81c::2001 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
Submission: On July 29 via manual (July 29th 2023, 4:09:57 am UTC) from US — Scanned from DE

Summary HTTP 63 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 9 domains to perform 63 HTTP transactions. The main IP is 2a00:1450:4001:81c::2001, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is 1275-ru.translate.goog.
TLS certificate: Issued by GTS CA 1C3 on July 10th 2023. Valid for: 3 months.

This is the only time 1275-ru.translate.goog was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
1 7	2606:4700:303... 2606:4700:3030::6815:5ed7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:6b8:a::a 2a02:6b8:a::a	208722 (GLOBAL_DC) (GLOBAL_DC)
13	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
3 10	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
5	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
7	2a02:6b8:20::215 2a02:6b8:20::215	208722 (GLOBAL_DC) (GLOBAL_DC)
1 3	154.47.36.132 154.47.36.132	174 (COGENT-174) (COGENT-174)
1	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
63	13

3 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1275-ru.translate.goog	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3030::6815:5ed7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

1275.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8:a::a (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:6b8::1:119 (Moscow, Russian Federation) 3 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:6b8:20::215 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

yastatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 154.47.36.132 (United States) 1 redirects

ASN174 (COGENT-174, US)

mc.webvisor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	gstatic.com www.gstatic.com fonts.gstatic.com	886 KB
11	yandex.ru 3 redirects yandex.ru — Cisco Umbrella Rank: 2088 mc.yandex.ru — Cisco Umbrella Rank: 4039	91 KB
7	yastatic.net yastatic.net — Cisco Umbrella Rank: 6998	196 KB
7	googleapis.com translate.googleapis.com — Cisco Umbrella Rank: 1291	78 KB
7	1275.ru 1 redirects 1275.ru	121 KB
6	google.com translate.google.com — Cisco Umbrella Rank: 1421 play.google.com — Cisco Umbrella Rank: 70	121 KB
3	webvisor.org 1 redirects mc.webvisor.org — Cisco Umbrella Rank: 27974	927 B
3	translate.goog 1275-ru.translate.goog	85 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 372	86 KB
63	9

	Domain	Requested by
13	www.gstatic.com	1275-ru.translate.goog www.gstatic.com translate.google.com
10	mc.yandex.ru	3 redirects 1275-ru.translate.goog cdn.jsdelivr.net
7	yastatic.net	yandex.ru
7	translate.googleapis.com
7	1275.ru	1 redirects 1275-ru.translate.goog 1275.ru
5	fonts.gstatic.com	translate.google.com 1275-ru.translate.goog
5	translate.google.com	1275-ru.translate.goog www.gstatic.com
3	mc.webvisor.org	1 redirects 1275-ru.translate.goog cdn.jsdelivr.net
3	1275-ru.translate.goog	1275-ru.translate.goog yandex.ru
1	play.google.com	www.gstatic.com
1	cdn.jsdelivr.net	1275-ru.translate.goog
1	yandex.ru	1275-ru.translate.goog
63	12

This site contains links to these domains. Also see Links.

Domain
translate.google.com

Subject Issuer	Validity	Valid
*.googleusercontent.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
1275.ru GTS CA 1P5	`2023-07-27` - `2023-10-25`	3 months	crt.sh
*.xn--d1acpjx3f.xn--p1ai GlobalSign ECC OV SSL CA 2018	`2023-06-21` - `2023-12-19`	6 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-03-17` - `2023-08-27`	5 months	crt.sh
*.yastatic-net.ru GlobalSign ECC OV SSL CA 2018	`2023-07-10` - `2024-01-07`	6 months	crt.sh
mc.webvisor.com GlobalSign RSA OV SSL CA 2018	`2023-05-31` - `2023-11-22`	6 months	crt.sh

This page contains 3 frames:

Primary Page: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
Frame ID: 958D607531859FF417E1D0D775DA8904
Requests: 52 HTTP requests in this frame

Frame: https://translate.google.com/websitetranslationui?parent=https%3A%2F%2F1275-ru.translate.goog&pfu=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&u=https%3A%2F%2F1275.ru%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F&sl=auto&tl=en&opu=https%3A%2F%2Ftranslate.google.com%2Fwebsite%3Fsl%3Dauto%26tl%3Den%26hl%3Den%26client%3Dwebapp%26u%3Dhttps%3A%2F%2F1275.ru%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%26anno%3D2&client=webapp&hl=en&lang=ru
Frame ID: DF25CC69E88CD79D134D171AA430B9EE
Requests: 16 HTTP requests in this frame

Frame: https://1275.ru/cdn-cgi/challenge-platform/h/b/scripts/jsd/11b725eb/invisible.js
Frame ID: F2E5B160FB952A58B7E02E29BA2CE2B0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TURLA APT IOCs - Part 3 - SEC-1275-1

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

63
Requests

86 %
HTTPS

92 %
IPv6

9
Domains

12
Subdomains

13
IPs

3
Countries

1663 kB
Transfer

4421 kB
Size

15
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://translate.google.com/website?sl=auto&tl=en&hl=en&client=webapp&u=https://g-soft.info
Title: General Software

Search URL Search Domain Scan URL

URL: https://translate.google.com/website?sl=auto&tl=en&hl=en&client=webapp&u=https://g-soft.info/feedback/
Title: Feedback

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26

https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&page-ref=&charset=utf-8&browser-info=pv%3A1%3Avf%3A7h8dgiykw9ep6hmqxf1cue7%3Afp%3A1180%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1082%3Acn%3A2%3Adp%3A0%3Als%3A1294902115487%3Ahid%3A536417786%3Az%3A0%3Ai%3A20230729040951%3Aet%3A1690603792%3Ac%3A1%3Arn%3A645531387%3Arqn%3A1%3Au%3A1690603792956776069%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A42%2C52%2C766%2C9%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1690603790594%3Ast%3A1690603792&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(1) HTTP 302
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&page-ref&charset=utf-8&browser-info=pv%3A1%3Avf%3A7h8dgiykw9ep6hmqxf1cue7%3Afp%3A1180%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1082%3Acn%3A2%3Adp%3A0%3Als%3A1294902115487%3Ahid%3A536417786%3Az%3A0%3Ai%3A20230729040951%3Aet%3A1690603792%3Ac%3A1%3Arn%3A645531387%3Arqn%3A1%3Au%3A1690603792956776069%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A42%2C52%2C766%2C9%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1690603790594%3Ast%3A1690603792&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29

Request Chain 30

https://1275.ru/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://1275.ru/cdn-cgi/challenge-platform/h/b/scripts/jsd/11b725eb/invisible.js

Request Chain 31

https://mc.yandex.ru/watch/89548966?wmode=7&page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A7h8dgiykw9ep6hmqxf1cue7%3Afp%3A1180%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1082%3Acn%3A1%3Adp%3A0%3Als%3A36690006041%3Ahid%3A536417786%3Az%3A0%3Ai%3A20230729040951%3Aet%3A1690603792%3Ac%3A1%3Arn%3A546069629%3Arqn%3A1%3Au%3A1690603792956776069%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A42%2C52%2C766%2C9%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1690603790594%3Arqnl%3A1%3Ast%3A1690603792%3At%3ATURLA%20APT%20IOCs%20-%20Part%203%20-%20SEC-1275-1&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(1) HTTP 302
https://mc.yandex.ru/watch/89548966/1?wmode=7&page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A7h8dgiykw9ep6hmqxf1cue7%3Afp%3A1180%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1082%3Acn%3A1%3Adp%3A0%3Als%3A36690006041%3Ahid%3A536417786%3Az%3A0%3Ai%3A20230729040951%3Aet%3A1690603792%3Ac%3A1%3Arn%3A546069629%3Arqn%3A1%3Au%3A1690603792956776069%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A42%2C52%2C766%2C9%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1690603790594%3Arqnl%3A1%3Ast%3A1690603792%3At%3ATURLA%20APT%20IOCs%20-%20Part%203%20-%20SEC-1275-1&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29

Request Chain 61

https://mc.webvisor.org/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=10078.VbfYAajpGEW5si4feg0InfjFtcF7SmZBcTiriHyvpU-xrT-tHEW6i-Yl7tvJyrvu.yKiEkC-cg_MIlIkDcul0WCpct0Q%2C HTTP 302
https://mc.webvisor.org/sync_cookie_image_decide?token=10078.CAnO-oBdkBXHjNwJ660sSEf40N42Sz7DMgBpPN38CT2lGATtwZq30HgiIl2mgiO7_L8F55wgtnW3LY95mndm8nA7ESyISRuuxrEwZMXlDld9pd4zP2Flk4KNZZx0t5TjXqPE46RtIN0ORFAKYb_6deQf6go47rEYps1DNrS-tfT-_1KIVRLjXtzbwrEaEnBQtFPEu2iPxCw2fWhHUQof1MQWo6FEfFk1HyCgb7UmS7Q%2C.SYz8NibYr7yp20dL001WJagBJ2c%2C

63 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/ 87 KB
21 KB 860ms
766ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bba2b250190b2e3431c2868ae74fd1b5a1f7c7d3f8d61705fc59d7b0af5fee66

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.translate.goog
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-security-policy: frame-ancestors *.translate.goog
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Sat, 29 Jul 2023 04:09:51 GMT
expires: Sat, 29 Jul 2023 04:09:51 GMT
last-modified: Sat, 29 Jul 2023 07:09:51 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: ESF
x-content-type-options: nosniff
x-robots-tag: none
x-xss-protection: 0

GET
H2 200 style.min.css
1275.ru/wp-content/themes/reboot/assets/css/ 223 KB
40 KB 167ms
100ms Stylesheet
text/css 2606:4700:3030::6815:5ed7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://1275.ru/wp-content/themes/reboot/assets/css/style.min.css

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:5ed7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

395ac78b9fce196f0c2c861789b3d87f9944651d5a80028fa3b1f9e6a1847f0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:51 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 23 Mar 2023 18:33:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A3%2FRxcJQoEZjcqp5VeYSDfLxsBCMWwaUxE35%2B%2BCB2GgJNiScFZ2UGS%2BBhReBDO7Y3MOrRFbUfZY8LjxjBToXJkl2oT2lOlr0d7PaZkjPmytz7atdUgWFQoScSunUOIFScS2Q6tVG"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7ee282412b262c7e-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 wpo-minify-header-c65d1126.min.js Show response
1275.ru/wp-content/cache/wpo-minify/1690389091/assets/ 146 KB
47 KB 146ms
79ms Script
application/javascript 2606:4700:3030::6815:5ed7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://1275.ru/wp-content/cache/wpo-minify/1690389091/assets/wpo-minify-header-c65d1126.min.js

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:5ed7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

158469665f416130938621681aed58dcbb25242101ec7cf113dc5b0e8105767d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:51 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Wed, 26 Jul 2023 16:32:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VHp5I6KXOzAo15YiTGcjepbPhjsQbJUmTzksruTmhySCzDYB68at6R%2FsiuklVVg27AnnfkgYWWf1TyyRj0QbbIJWSWyUREE38wYUGpDVRUnWxewYGPj35HqBBM0z%2BgumfkgnGwBR"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7ee282412b282c7e-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 context.js Show response
yandex.ru/ads/system/ 301 KB
86 KB 212ms
77ms Script
text/javascript 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/system/context.js

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

715a81462d5193905a7aa8d6979e5036c8397f6795705d2fb0fe7e7f9b493e71

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-encoding: br
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1690603791826427-18336048426481817088-balancer-l7leveler-kubr-yp-vla-17-BAL-8657
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Sat, 29 Jul 2023 05:09:51 GMT

GET wpshop-core.ttf
1275.ru/wp-content/themes/reboot/assets/fonts/ 0
0

GET security.jpg
1275.ru/wp-content/uploads/2022/07/ 0
0

GET
H2 200 m=corsproxy Show response
www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.de.wSQFtw-7uIQ.O/d=1/rs=AN8SPfrk0rXl1b_77qVf0PnOm-OzaDVBLw/ 79 KB
28 KB 79ms
28ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.de.wSQFtw-7uIQ.O/d=1/rs=AN8SPfrk0rXl1b_77qVf0PnOm-OzaDVBLw/m=corsproxy

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b0d88fec11d75fe27fb007fc6ddd8c4be153a064f1c18b63f0b02c03709587e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 18:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 122364
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28125
x-xss-protection: 0
last-modified: Wed, 26 Jul 2023 20:12:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Jul 2024 18:10:27 GMT

GET
H2 200 m=navigationui Show response
www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.de.wSQFtw-7uIQ.O/d=1/exm=corsproxy/ed=1/rs=AN8SPfrk0rXl1b_77qVf0PnOm-OzaDVBLw/ 33 KB
13 KB 74ms
23ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.de.wSQFtw-7uIQ.O/d=1/exm=corsproxy/ed=1/rs=AN8SPfrk0rXl1b_77qVf0PnOm-OzaDVBLw/m=navigationui

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

021af27a4f745b72a92577aa2880ca09c454f512d9d20dd024dd48cb1d4da139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 18:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 122364
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12676
x-xss-protection: 0
last-modified: Wed, 26 Jul 2023 20:12:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Jul 2024 18:10:27 GMT

GET
H2 200 security.jpg
1275-ru.translate.goog/wp-content/uploads/2022/07/ 57 KB
57 KB 218ms
216ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1275-ru.translate.goog/wp-content/uploads/2022/07/security.jpg?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d4db268822202dfdbfc2fe9dec09ace92874511cd16e22adb9ee276cbd383e53

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors *.translate.goog
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.translate.goog
date: Sat, 29 Jul 2023 04:09:51 GMT
x-content-type-options: nosniff
last-modified: Thu, 23 Mar 2023 18:32:44 GMT
server: ESF
cross-origin-opener-policy: unsafe-none
content-type: image/jpeg
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
cross-origin-resource-policy: cross-origin
x-robots-tag: none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Sat, 29 Jul 2023 04:09:51 GMT

GET
H2 200 wpo-minify-footer-70343dd6.min.js Show response
1275.ru/wp-content/cache/wpo-minify/1690389091/assets/ 111 KB
30 KB 78ms
77ms Script
application/javascript 2606:4700:3030::6815:5ed7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://1275.ru/wp-content/cache/wpo-minify/1690389091/assets/wpo-minify-footer-70343dd6.min.js

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:5ed7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8599d58b9f848bc8f202f4447ce611de3eae34625a8c5054d88808af8b8348dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:51 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Wed, 26 Jul 2023 17:00:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OB4xHFFfLVZ5a5cMoGzoatTJ0mOXI%2Fy7jEzLdinyHlfh8gVivjxW4aLuspOmHvVxq208dAG2vNj1XGzS0C7JbF41fb0Safhi0tQ01tRnbKJ3TuY9E%2F8Er5tG%2FyHasyzY%2F8pXyteI"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7ee28241dbde2c7e-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 85 KB
30 KB 117ms
51ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=gtElInit&hl=en&client=wt

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

25f294a11c214d57e0ac336ead0f2787baba6c8c798511b1e12ce5712ca1badf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 29 Jul 2023 04:09:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lazy.min.js Show response
www.gstatic.com/feedback/js/help/prod/service/ 98 KB
35 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.de.wSQFtw-7uIQ.O/d=1/exm=corsproxy/ed=1/rs=AN8SPfrk0rXl1b_77qVf0PnOm-OzaDVBLw/m=navigationui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb0fe289e92a2eade6afe7babe92eb0cee939586979a53147dee55195c551b4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:05:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 285
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/product-feedback-gathering
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35074
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 23:02:46 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="product-feedback-gathering"
vary: Accept-Encoding, Origin
report-to: {"group":"product-feedback-gathering","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/product-feedback-gathering"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Sat, 29 Jul 2023 04:55:06 GMT

GET
H2 200 websitetranslationui Show response
translate.google.com/ Frame DF25 619 KB
91 KB 105ms
57ms Document
text/html 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/websitetranslationui?parent=https%3A%2F%2F1275-ru.translate.goog&pfu=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&u=https%3A%2F%2F1275.ru%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F&sl=auto&tl=en&opu=https%3A%2F%2Ftranslate.google.com%2Fwebsite%3Fsl%3Dauto%26tl%3Den%26hl%3Den%26client%3Dwebapp%26u%3Dhttps%3A%2F%2F1275.ru%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%26anno%3D2&client=webapp&hl=en&lang=ru

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.de.wSQFtw-7uIQ.O/d=1/exm=corsproxy/ed=1/rs=AN8SPfrk0rXl1b_77qVf0PnOm-OzaDVBLw/m=navigationui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1fa1507969e6321247e5468e5d3d4731f6544ffaab057d69294cdeb7f48909bd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://1275-ru.translate.goog require-trusted-types-for 'script';report-uri /_/TranslateWebserverWebsiteTranslationUi/cspreport script-src 'report-sample' 'nonce-YkU5dEjILzP8Uf-oIlY_JA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateWebserverWebsiteTranslationUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/TranslateWebserverWebsiteTranslationUi/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://1275-ru.translate.goog
X-Xss-Protection	0

Request headers

Referer: https://1275-ru.translate.goog/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors https://1275-ru.translate.goog require-trusted-types-for 'script';report-uri /_/TranslateWebserverWebsiteTranslationUi/cspreport script-src 'report-sample' 'nonce-YkU5dEjILzP8Uf-oIlY_JA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateWebserverWebsiteTranslationUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/TranslateWebserverWebsiteTranslationUi/cspreport/allowlist
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
date: Sat, 29 Jul 2023 04:09:51 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-frame-options: ALLOW-FROM https://1275-ru.translate.goog
x-ua-compatible: IE=edge
x-xss-protection: 0

GET
H2 200 tag.js Show response
cdn.jsdelivr.net/npm/yandex-metrica-watch/ 215 KB
86 KB 84ms
34ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bed995fce768f3658b9b0acc26c37ef001693da300f85c4b2018944df470cbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1804
x-jsd-version: 1.285.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230100-FRA, cache-bma1657-BMA
x-jsd-version-type: version
server: cloudflare
etag: W/"35d08-WqMIOzxu+2KQ7TmGOFm2A8yXI5E"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1PvPVkwdQiU3L2srLYJ36Mz8FA3GDFG264I9CkXluW6gaaq6VA3t9Kr4Vc83jleGS6qwr1R%2B1DYhsWGCXzQPnpxOOp3qe6MJpXxt0Et733OUGRmWeo%2B2KqX0pOBAtW%2FGOWm6A6gRWKTWVOExQC8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7ee282426b4b1c42-FRA

GET
DATA 200
OK truncated
/ 969 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 401503518894f575673732c689a7885c78bb615900c0c3f726765eb4ce6aa799

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 290 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d5aab9ecebd2bc2f003980fdde59b97aad0fd105312d99fa50fcab580099aaf3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 442 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17df1f2891553baf6c74c4eef8cd0dd9fb73a5669f9f89d67183a8bfe41acfd2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 626 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6e9cca040634f071c068f7f483dfeef82d8589b4082c8cbdc5301951647ba71b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 544 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 255df06063ef8b4f994c1ae9d232d7c4f27c95b853a68fd9c03e31f4dd6b0031

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4192547933c47032776c86cc04805a86655e4580d0c82b46787a120fcd96c146

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b3f3db2e6ac9e2b19172879a80a8605f4db7a179745be21a0828e3c1e49510ee

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 624 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6b5acb20b58ca9f25a996cd5f44fcbde42154bb94cd95666197a59d4b539f07d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a9501cc809fac65ba3bc7fdc1686f8cc6651018b290308eddd1e46454063bf5f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET wpshop-core.woff
1275.ru/wp-content/themes/reboot/assets/fonts/ 0
0

GET
H3 200 m=el_main_css
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/ 22 KB
4 KB 23ms
22ms Stylesheet
text/css 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/m=el_main_css

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US._yudoeLt4Lw.O/d=1/rs=AN8SPfpl1Fyg_5y4j0o-171nnMOCorjeLA/m=el_conf

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110072
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4176
x-xss-protection: 0
last-modified: Sat, 15 Jul 2023 01:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Jul 2024 21:35:19 GMT

GET
H2 200 m=el_main Show response
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US._yudoeLt4Lw.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpl1Fyg_5y4j0o-171nnMOCorjeLA/ 212 KB
76 KB 79ms
23ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US._yudoeLt4Lw.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpl1Fyg_5y4j0o-171nnMOCorjeLA/m=el_main

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US._yudoeLt4Lw.O/d=1/rs=AN8SPfpl1Fyg_5y4j0o-171nnMOCorjeLA/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba6e7d46a68c9a19b23c43244149ab06f42612c0972cce7b2037bd4145281c92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 23:57:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101552
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76794
x-xss-protection: 0
last-modified: Wed, 26 Jul 2023 20:12:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Jul 2024 23:57:19 GMT

POST
H2 204 cspreport
translate.google.com/_/TranslateWebserverWebsiteTranslationUi/ Frame DF25 0
286 B 53ms
52ms Other
text/html 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/_/TranslateWebserverWebsiteTranslationUi/cspreport

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/TranslateWebserverWebsiteTranslationUi/cspreport, script-src 'report-sample' 'nonce-koi21gr9hNHL2xU8MDYuOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateWebserverWebsiteTranslationUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/TranslateWebserverWebsiteTranslationUi/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://translate.google.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 29 Jul 2023 04:09:51 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/TranslateWebserverWebsiteTranslationUi/cspreport, script-src 'report-sample' 'nonce-koi21gr9hNHL2xU8MDYuOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateWebserverWebsiteTranslationUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/TranslateWebserverWebsiteTranslationUi/cspreport/allowlist
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

1 Show response
mc.yandex.ru/watch/3/
Redirect Chain

https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&page-...
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&pag...

264 B
300 B

71ms
71ms

Fetch
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&page-ref&charset=utf-8&browser-info=pv%3A1%3Avf%3A7h8dgiykw9ep6hmqxf1cue7%3Afp%3A1180%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1082%3Acn%3A2%3Adp%3A0%3Als%3A1294902115487%3Ahid%3A536417786%3Az%3A0%3Ai%3A20230729040951%3Aet%3A1690603792%3Ac%3A1%3Arn%3A645531387%3Arqn%3A1%3Au%3A1690603792956776069%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A42%2C52%2C766%2C9%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1690603790594%3Ast%3A1690603792&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

9def3abc34599ed5dbd4347a22bf1e951909206306c848d351eb6ea116b8fda7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 29 Jul 2023 04:09:52 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Sat, 29-Jul-2023 04:09:52 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://1275-ru.translate.goog
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 264
x-xss-protection: 1; mode=block
expires: Sat, 29-Jul-2023 04:09:52 GMT

Redirect headers

pragma: no-cache
date: Sat, 29 Jul 2023 04:09:52 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 29-Jul-2023 04:09:52 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/3/1?wmode=7&page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&page-ref&charset=utf-8&browser-info=pv%3A1%3Avf%3A7h8dgiykw9ep6hmqxf1cue7%3Afp%3A1180%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1082%3Acn%3A2%3Adp%3A0%3Als%3A1294902115487%3Ahid%3A536417786%3Az%3A0%3Ai%3A20230729040951%3Aet%3A1690603792%3Ac%3A1%3Arn%3A645531387%3Arqn%3A1%3Au%3A1690603792956776069%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A42%2C52%2C766%2C9%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1690603790594%3Ast%3A1690603792&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29
access-control-allow-origin: https://1275-ru.translate.goog
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Sat, 29-Jul-2023 04:09:52 GMT

OPTIONS
H3 200 /
1275.ru/ Frame 0
0 466ms
466ms Preflight
text/html 2606:4700:3030::6815:5ed7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://1275.ru/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:5ed7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/8.2.8

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: cache-control
Access-Control-Request-Method: POST
Origin: https://1275-ru.translate.goog
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-edge-cache: cache,platform=wordpress
cf-ray: 7ee282433d0c2c56-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 29 Jul 2023 04:09:52 GMT
last-modified: Fri, 28 Jul 2023 08:33:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQ9QjX4RsTUvanx5btcQCtZ%2FQuzrUWx%2BwvaajalGWlk1xjBjpggPWw4YqzhWDKp1bdRacvMykWqa%2BL2C%2BMsMeJOVvIh%2FXwG9wBgGYAvacP4nF9fTqarF0O9DoeFLdOmXZfML0IH7"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
wpo-cache-message: The request method was not GET (OPTIONS)
wpo-cache-status: not cached
x-content-type-options: nosniff
x-powered-by: PHP/8.2.8

GET
H2 200 advert.gif
mc.yandex.ru/metrika/ 43 B
529 B 201ms
67ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 28 Jul 2023 16:57:22 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "64c3c942-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Sat, 29 Jul 2023 05:09:52 GMT

POST /
1275.ru/ 0
0

GET
H3

200

invisible.js Show response
1275.ru/cdn-cgi/challenge-platform/h/b/scripts/jsd/11b725eb/ Frame F2E5
Redirect Chain

https://1275.ru/cdn-cgi/challenge-platform/scripts/invisible.js
https://1275.ru/cdn-cgi/challenge-platform/h/b/scripts/jsd/11b725eb/invisible.js

7 KB
4 KB

29ms
29ms

Script
application/javascript

2606:4700:3030::6815:5ed7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://1275.ru/cdn-cgi/challenge-platform/h/b/scripts/jsd/11b725eb/invisible.js

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Server

2606:4700:3030::6815:5ed7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12809f96f3fe3beb9ce7d2a3ce85676112c667e3ff064515ed3d38d438d982b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:51 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XJX9%2FBeMFZz5bRwOXS9rPEDPZAseeFgeeh3U6WA9VrCJH575M%2Bh%2BMVvufQjtJiRdQhu85kAPghvklbL%2F2YsLYyRgl8pUZ4CsQ0uZlVSDJrMWDkDdSOundUbnxMSTysqUGv77qva9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7ee282439ed09229-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sat, 29 Jul 2023 04:09:51 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qdPIJpfZamEx3Mc4W%2F6LbmQyFbpKm74ku4sWO%2BJumPiB3TnKNBfXFqWJtkVpkTIpkAIpCRAlwIYZBOrRdkMLbko%2BNi0YE%2FlUb3pqDM6btkKF27zLAkaLx1DRVEihtrHTBwXDueMf"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/11b725eb/invisible.js
cache-control: max-age=300, public
cf-ray: 7ee282433e9e9229-FRA
alt-svc: h3=":443"; ma=86400

GET
H2

200

1 Show response
mc.yandex.ru/watch/89548966/
Redirect Chain

https://mc.yandex.ru/watch/89548966?wmode=7&page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwap...
https://mc.yandex.ru/watch/89548966/1?wmode=7&page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dw...

435 B
585 B

68ms
67ms

Fetch
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/89548966/1?wmode=7&page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A7h8dgiykw9ep6hmqxf1cue7%3Afp%3A1180%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1082%3Acn%3A1%3Adp%3A0%3Als%3A36690006041%3Ahid%3A536417786%3Az%3A0%3Ai%3A20230729040951%3Aet%3A1690603792%3Ac%3A1%3Arn%3A546069629%3Arqn%3A1%3Au%3A1690603792956776069%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A42%2C52%2C766%2C9%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1690603790594%3Arqnl%3A1%3Ast%3A1690603792%3At%3ATURLA%20APT%20IOCs%20-%20Part%203%20-%20SEC-1275-1&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

c6f19c1ec0c4602c3cfe5094148df986a8af472dd1b51f24320a6298c1981d43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 29 Jul 2023 04:09:52 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Sat, 29-Jul-2023 04:09:52 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://1275-ru.translate.goog
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 435
x-xss-protection: 1; mode=block
expires: Sat, 29-Jul-2023 04:09:52 GMT

Redirect headers

pragma: no-cache
date: Sat, 29 Jul 2023 04:09:52 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 29-Jul-2023 04:09:52 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/89548966/1?wmode=7&page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A7h8dgiykw9ep6hmqxf1cue7%3Afp%3A1180%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1082%3Acn%3A1%3Adp%3A0%3Als%3A36690006041%3Ahid%3A536417786%3Az%3A0%3Ai%3A20230729040951%3Aet%3A1690603792%3Ac%3A1%3Arn%3A546069629%3Arqn%3A1%3Au%3A1690603792956776069%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A42%2C52%2C766%2C9%2C0%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1690603790594%3Arqnl%3A1%3Ast%3A1690603792%3At%3ATURLA%20APT%20IOCs%20-%20Part%203%20-%20SEC-1275-1&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29
access-control-allow-origin: https://1275-ru.translate.goog
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Sat, 29-Jul-2023 04:09:52 GMT

GET
H3 200 m=_b,_tp,_r Show response
www.gstatic.com/_/mss/boq-translate/_/js/k=boq-translate.TranslateWebserverWebsiteTranslationUi.en.AM8YT99JM8c.es5.O/am=AGDOAg/d=1/excm=_b,_r,_tp,iframenavigationview/ed=1/dg=0/wt=2/ujg=1/rs=ANkVxD... Frame DF25 180 KB
63 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-translate/_/js/k=boq-translate.TranslateWebserverWebsiteTranslationUi.en.AM8YT99JM8c.es5.O/am=AGDOAg/d=1/excm=_b,_r,_tp,iframenavigationview/ed=1/dg=0/wt=2/ujg=1/rs=ANkVxDlSN4AIP-St84uGO8KyOuftDsgRpw/m=_b,_tp,_r

Requested by

Host: translate.google.com
URL: https://translate.google.com/websitetranslationui?parent=https%3A%2F%2F1275-ru.translate.goog&pfu=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&u=https%3A%2F%2F1275.ru%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F&sl=auto&tl=en&opu=https%3A%2F%2Ftranslate.google.com%2Fwebsite%3Fsl%3Dauto%26tl%3Den%26hl%3Den%26client%3Dwebapp%26u%3Dhttps%3A%2F%2F1275.ru%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%26anno%3D2&client=webapp&hl=en&lang=ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90099c81f619214205a91ac97536d4e7f94f0edb81aa4c889364c6843a2d81b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://translate.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:49:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109231
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/translate-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64709
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 04:28:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/translate-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/translate-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/translate-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Jul 2024 21:49:20 GMT

GET
H3 200 googlelogo_clr_74x24px.svg
www.gstatic.com/images/branding/googlelogo/svg/ Frame DF25 2 KB
688 B 24ms
23ms Image
image/svg+xml 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99bf4aa403643a6d41c028e5db29c79c17cbc815b3e10cd5c6b8f90567a03e52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://translate.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 23:39:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16214
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 663
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 12:48:00 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 27 Jul 2024 23:39:37 GMT

GET
H2 200 24px.svg
fonts.gstatic.com/s/i/productlogos/translate/v6/ Frame DF25 6 KB
4 KB 80ms
22ms Image
image/svg+xml 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonts.gstatic.com/s/i/productlogos/translate/v6/24px.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://translate.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34382
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3340
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 09:57:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 27 Jul 2024 18:36:50 GMT

GET
H3 200 pwt_hackathon_bard_logo_processing.gif
www.gstatic.com/translate/ Frame DF25 109 KB
109 KB 26ms
25ms Image
image/gif 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/translate/pwt_hackathon_bard_logo_processing.gif

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1c19def8abe99d6e922755fc028d2cf35bf3419b020d7f955f1c202d2c7936c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://translate.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 04:41:59 GMT
x-content-type-options: nosniff
last-modified: Thu, 16 Mar 2023 15:58:00 GMT
server: sffe
age: 170872
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/gif
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111830
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 26 Jul 2024 04:41:59 GMT

GET
H3 200 pwt_hackathon_bard_logo_resting.gif
www.gstatic.com/translate/ Frame DF25 271 KB
271 KB 34ms
33ms Image
image/gif 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/translate/pwt_hackathon_bard_logo_resting.gif

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f260bf3eacb674168155cfb377a8df06da619fd7cc6b62f406ace0113f81ecc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://translate.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 23:12:22 GMT
x-content-type-options: nosniff
last-modified: Thu, 16 Mar 2023 15:58:00 GMT
server: sffe
age: 17849
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/gif
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 277497
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 27 Jul 2024 23:12:22 GMT

GET
H2 200 32px.svg
fonts.gstatic.com/s/i/productlogos/translate/v6/ Frame DF25 6 KB
3 KB 80ms
23ms Image
image/svg+xml 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonts.gstatic.com/s/i/productlogos/translate/v6/32px.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99294fad3e114681d7504cad26b5d425bf7bb98c82bb4abce603e145ba2e3e17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://translate.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34382
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3169
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 09:57:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 27 Jul 2024 18:36:50 GMT

GET
H2 200 pxiDypQkot1TnFhsFMOfGShVF9eO.woff2
fonts.gstatic.com/s/productsans/v9/ Frame DF25 31 KB
31 KB 96ms
46ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/productsans/v9/pxiDypQkot1TnFhsFMOfGShVF9eO.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e0bdc192134bb3950a1ba4c1148901e39ebd8d2d01f64ef23106e90a9f771b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://translate.google.com/
Origin: https://translate.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 02:20:21 GMT
x-content-type-options: nosniff
age: 92971
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31568
x-xss-protection: 0
last-modified: Mon, 15 Aug 2016 20:30:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Jul 2024 02:20:21 GMT

GET
H2 200 kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2
fonts.gstatic.com/s/materialiconsextended/v149/ Frame DF25 159 KB
160 KB 74ms
24ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialiconsextended/v149/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f80c4c91054b3d6c80721939242c2d4f68f15e41f251e12641f695d78eb2f35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://translate.google.com/
Origin: https://translate.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 02:05:51 GMT
x-content-type-options: nosniff
age: 93841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 162924
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 00:15:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Jul 2024 02:05:51 GMT

GET
H3 204 gen204
translate.google.com/ 0
25 B 40ms
39ms Image
image/gif 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://translate.google.com/gen204?nca=te_li&client=wt_lib&logld=vTE_20230726

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fjxA5rKufE2WADHkKpNdOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
content-security-policy: script-src 'report-sample' 'nonce-fjxA5rKufE2WADHkKpNdOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: image/gif; charset=us-ascii
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 24px.svg
fonts.gstatic.com/s/i/productlogos/translate/v14/ 6 KB
3 KB 22ms
21ms Image
image/svg+xml 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 20:17:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114726
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3340
x-xss-protection: 0
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Jul 2024 20:17:46 GMT

OPTIONS
H3 400 7ee2823c6afdd0b5
1275.ru/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 0
0 29ms
28ms Preflight
application/json 2606:4700:3030::6815:5ed7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://1275.ru/cdn-cgi/challenge-platform/h/b/cv/result/7ee2823c6afdd0b5

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:5ed7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://1275-ru.translate.goog
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=0, must-revalidate
cf-chl-out: Knt3H52tyHbIFJNXwlWJbQ==$NFKi2yKJ2IDC6diIyNf9fQ==
cf-ray: 7ee282452ea92c56-FRA
content-type: application/json
date: Sat, 29 Jul 2023 04:09:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m9mn1qrte9vbOUZe77Kzo%2BFnz%2BT8bhUf2bdeAi%2B2aIYV8M8uJa%2BnL3XPzdqZc%2FXCMlPQGcMHh08UA7xIchjpkIJk4Y%2FTzJmZVZ4TpipKUXgYyEmPIE2E2XMyXXIn3Q1XJ5Xwgrui"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff

POST 7ee2823c6afdd0b5
1275.ru/cdn-cgi/challenge-platform/h/b/cv/result/ Frame F2E5 0
0

GET
H3 200 m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,ZwDk9d,V3dDOb,pKzUve,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,XVMNvd,L1AAkb,KUM7Z,Mlhmy,CXsK... Show response
www.gstatic.com/_/mss/boq-translate/_/js/k=boq-translate.TranslateWebserverWebsiteTranslationUi.en.AM8YT99JM8c.es5.O/ck=boq-translate.TranslateWebserverWebsiteTranslationUi.VP6eytFFYDo.L.B1.O/am=AG... Frame DF25 233 KB
82 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-translate/_/js/k=boq-translate.TranslateWebserverWebsiteTranslationUi.en.AM8YT99JM8c.es5.O/ck=boq-translate.TranslateWebserverWebsiteTranslationUi.VP6eytFFYDo.L.B1.O/am=AGDOAg/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,iframenavigationview/ed=1/wt=2/ujg=1/rs=ANkVxDl3Vimk4bTQXG4eZgizY1ugtsuOZw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,ZwDk9d,V3dDOb,pKzUve,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,XVMNvd,L1AAkb,KUM7Z,Mlhmy,CXsKQe,s39S4,lwddkf,gychg,w9hDv,EEDORb,RMhBfe,SdcwHb,aW3pY,P5Thrf,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,xQtZb,JNoxi,kWgXee,BVgquf,QIhFr,ovKuLd,yDVVkb,hc6Ubd,SpsfSb,KG2eXe,Z5uLle,BBI74,VwDzFe,MdUzUe,A7fCU,zbML3c,zr1jrb,Uas9Hd,pjICDe

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-translate/_/js/k=boq-translate.TranslateWebserverWebsiteTranslationUi.en.AM8YT99JM8c.es5.O/am=AGDOAg/d=1/excm=_b,_r,_tp,iframenavigationview/ed=1/dg=0/wt=2/ujg=1/rs=ANkVxDlSN4AIP-St84uGO8KyOuftDsgRpw/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efa839a514bf0044d8f3b66e83ef3e3b60148adf00db060ff25ce6c8e03b8814

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://translate.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:49:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109231
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/translate-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84381
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 00:24:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/translate-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/translate-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/translate-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Jul 2024 21:49:21 GMT

GET
H3 200 m=sJhETb,i5dxUd,m9oV,JH2zc,bTi8wc,i5H9N,RAnnUd,PHUIyb,VNcg1e,DFTXbf,t1sulf,uu7UOe,qNG0Fc,wg1P6b,J1hrIc,sMS7Ab,JWUKXe,soHxf,xzbRj,HwavCb,ywOR5c,qRXAtf,yRXbo,tQKCld,thZ3rf,L2d1X,tsNC9c,QM0Gm,PxcVCe,J... Show response
www.gstatic.com/_/mss/boq-translate/_/js/k=boq-translate.TranslateWebserverWebsiteTranslationUi.en.AM8YT99JM8c.es5.O/ck=boq-translate.TranslateWebserverWebsiteTranslationUi.VP6eytFFYDo.L.B1.O/am=AG... Frame DF25 220 KB
70 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-translate/_/js/k=boq-translate.TranslateWebserverWebsiteTranslationUi.en.AM8YT99JM8c.es5.O/ck=boq-translate.TranslateWebserverWebsiteTranslationUi.VP6eytFFYDo.L.B1.O/am=AGDOAg/d=1/exm=A7fCU,BBI74,BVgquf,COQbmf,CXsKQe,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,P5Thrf,PrPYRd,QIhFr,RMhBfe,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_r,_tp,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,gychg,hc6Ubd,kWgXee,lsjVmc,lwddkf,n73qwf,ovKuLd,pKzUve,pjICDe,pw70Gc,s39S4,w9hDv,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_r,_tp,iframenavigationview/ed=1/wt=2/ujg=1/rs=ANkVxDl3Vimk4bTQXG4eZgizY1ugtsuOZw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=sJhETb,i5dxUd,m9oV,JH2zc,bTi8wc,i5H9N,RAnnUd,PHUIyb,VNcg1e,DFTXbf,t1sulf,uu7UOe,qNG0Fc,wg1P6b,J1hrIc,sMS7Ab,JWUKXe,soHxf,xzbRj,HwavCb,ywOR5c,qRXAtf,yRXbo,tQKCld,thZ3rf,L2d1X,tsNC9c,QM0Gm,PxcVCe,JzDP5e,rFVO7,W225x,cSdwA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bda6918b39e47201eb415c340eaf71525d7ccaa9edfd6a179fc5456f56b110c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://translate.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:49:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109231
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/translate-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71605
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 00:24:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/translate-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/translate-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/translate-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Jul 2024 21:49:21 GMT

GET
H2 200 c4b0c9327ef08defd98c.js Show response
yastatic.net/partner-code-bundles/816137/ 14 KB
5 KB 330ms
159ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/816137/c4b0c9327ef08defd98c.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

2db52a6c5fbbfccf1d82c4903a9192517ffb69cb78d8c5e88e46d9dc5914bc9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://1275-ru.translate.goog/
Origin: https://1275-ru.translate.goog
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 4780
last-modified: Fri, 28 Jul 2023 16:55:37 GMT
server: nginx/1.17.9
etag: "d6cd57bd5ab488ebf5c3d2f04e5e3fa1"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 28 Jul 2053 10:45:02 GMT

GET
H2 200 102f83cb742ee23f1ebb.js Show response
yastatic.net/partner-code-bundles/816137/ 24 KB
8 KB 391ms
221ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/816137/102f83cb742ee23f1ebb.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

2e1ad0f4cb99e351ea84539ef2611c14f5030f56d4f0be881b58da7624c3933e

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://1275-ru.translate.goog/
Origin: https://1275-ru.translate.goog
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 7944
last-modified: Fri, 28 Jul 2023 16:55:36 GMT
server: nginx/1.17.9
etag: "5c60bc7ca2bd5c360381cdb542682857"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 28 Jul 2053 10:45:03 GMT

GET
H2 200 b58b32da6b4fb76cd627.js Show response
yastatic.net/partner-code-bundles/816137/ 126 KB
26 KB 370ms
201ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/816137/b58b32da6b4fb76cd627.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

6dbf806f766bc9560414c3d2faacb903de016fab141431a5bad1abf714046a79

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://1275-ru.translate.goog/
Origin: https://1275-ru.translate.goog
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 26342
last-modified: Fri, 28 Jul 2023 16:55:37 GMT
server: nginx/1.17.9
etag: "77acf347ffcddd2986983a49c0c473df"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 28 Jul 2053 10:45:03 GMT

GET
H2 200 host.js Show response
yastatic.net/safeframe-bundles/0.83/ 33 KB
9 KB 344ms
175ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/safeframe-bundles/0.83/host.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://1275-ru.translate.goog/
Origin: https://1275-ru.translate.goog
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 8878
last-modified: Wed, 03 Nov 2021 13:42:58 GMT
server: nginx/1.17.9
etag: "f80882bf67cf261aa08d636da095149a"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 28 Jul 2053 10:40:58 GMT

GET
H2 200 text-variable-full.woff2
yastatic.net/s3/home/fonts/ys/3/ 25 KB
26 KB 294ms
128ms Font
font/woff2 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/s3/home/fonts/ys/3/text-variable-full.woff2

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://1275-ru.translate.goog/
Origin: https://1275-ru.translate.goog
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 26004
x-amz-meta-owner: {"role":"admin","login":"4eb0da"}
last-modified: Mon, 25 Apr 2022 14:02:39 GMT
server: nginx/1.17.9
etag: "7f0cdaf91230f9789ca4162aedff612e"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31556952
x-nginx-request-id: 86f47949b33c1de6
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Jul 2024 09:55:03 GMT

GET
H3 400 ajax Show response
1275-ru.translate.goog/3cbab51d-6f44-4569-b131-140fd3802204/ 10 KB
7 KB 124ms
124ms XHR
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1275-ru.translate.goog/3cbab51d-6f44-4569-b131-140fd3802204/ajax?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp&u=https%3A%2F%2Fyandex.ru%2Fads%2Fmeta%2F1788970%3Ftarget-ref%3Dhttps%253A%252F%252F1275-ru.translate.goog%252Fioc%252F2350%252Fturla-apt-iocs-part-3%252F%253F_x_tr_sl%253Dauto%2526_x_tr_tl%253Den%2526_x_tr_hl%253Den%2526_x_tr_pto%253Dwapp%26charset%3Dutf-8%26pcode-test-ids%3D801255%252C0%252C73%253B810908%252C0%252C91%253B810507%252C0%252C19%253B807808%252C0%252C96%253B812562%252C0%252C62%253B809335%252C0%252C79%253B806799%252C0%252C76%253B805303%252C0%252C34%253B808035%252C0%252C63%253B801974%252C0%252C82%253B798890%252C0%252C10%253B810139%252C0%252C19%253B810143%252C0%252C49%253B815274%252C0%252C33%253B815193%252C0%252C69%253B681843%252C0%252C13%26pcode-flags-map%3DeJy1WFlz2zYQ%252Fi96jlLeh99AEqRQ8SoASlYyHoxqq646st1xnDRxxv%252B9C4C2RFmFlKN%252BoElQ%252B3Gx57f4OpohJtikmQuUiRIluBR5QwWpRYLqGtPR2fuvo0%252FLzcfV6GzEaYdHb0YPqw8P5Aqeg8B1vXD0dPFmC9PSJutSzkRTixZ1DBsRQjv2XI2Aa5SUWOC0qbYgJWFcKjMjGW7kDbxNGoFoNYBdff57D9V3fYWaEaZg06aruaA4IxSnEhK1rVkzx%252FI852VvsBFRdSUntClLQKu5vMFUzBFPJzgTnFRYNHnOMDfjuo4V7tmMEw4qojoTSZMtpCdaRFGFOeBnOEfw3QFmjko2BPVCL9iCUszpQjqgxnze0KnAlDZmV4Z%252B4IXxC0LvDJYiuJZkCrcdneEFIM5BJUaK2gwXWKEbvoL7EYyyqQuRl6iQNuvKTIAHy4VgU9Jq489Q2R2JtjAIo%252BAFEfyWTiHoF03HBSsbuJB3GHzQ1RmiBLMjYJHt2UP18HmrVYQATjFjBNbgJRfnVWkGi1zbC08HE8kCjJoJtoB0%252BPnQKMtERfR6WjYM4juhKJ0eM8l37SJtMiw6Wp6MLb0tXdZSrLJxm5e6TPTvB3C2BX8DvNiNQ%252BsIXtLlOeQgrlq%252BgDSoyD7oNyPOWkSyn69h3sH996LWslT%252FZE3%252FA%252FOH%252FHMY8%252F%252BzwPd6X8Z%252BQVEiSlwXfDIQgq4S7YpFVmSF3rYdcFUoZ5gy0gzLY2RbvucNZG3HC6L9IstlooKlWYdK3V5kQ8fn0ExqWMmYue8BaGB53w6qFhjKschl6zr%252BDZ3LC%252Bh6%252BFzQTmRNhUhtauu%252BFTpucFBMQJ%252FnlCRGcce2Aq8Xl5JaRKByjhbMKAkcJdalvlXVCvo%252FwzU3y%252FiOZQ04SM89UkaNgrEdRlpNFYqah4muJjmBOkxqsHmOUmzGiJyeZMhmS3FOMZtAQS5IapIL7MjtTQRbzAmtZImm0GlkhoGDIUkSkhkhwMqOPdg3cCeKCrBX33FlqrKUYlwLtheNr%252FSJba%252FXB0FGNnWvC8olNyIq1GBbKMNmpcIoDjS7kUQuh%252BZeZ0AetDyEzz4bNMsnU8UUmDLJkJqaUWKvD3uJUmIgeoBgpLJBEHmBNueO2QoKpRko1JQ3Zr2jwLPdXfspJijmEwDZwauB%252ByiHFx2Vvb6TVDnFZGY2a2hbXqh5NqVCRxrvaN27Jy0JeJtPaNMVE3NztwFJ27dE7xbKo0Kl2q7Y19Efq4fLP6vl%252FfX6dnRm%252B9ab0c3d7%252BvNil0uN%252Bvb69GZ8zRA9SENFCqrEOXitw53WDGSpJT1TE4Xux94P7pZrjdv7z%252BCbl%252BWt1erz3D%252Fy%252Fpmeb36MFi6Xt6olavH1a3%252B%252BfLT%252BuFO39683Xm4ul33qxL5BQEW7pePm7vHP%252FvXj%252Ff6%252F8f75dvb1T8fXv3gr%252BXdzVqJXhzeYo04%252BEtUmBbymhEkOCqMdQ1mEacPLpUWGHxPMUo59J4jgr5r6eEI5p3nGQWmFvh03VUJNla40LfdvlWqCVFNYyAJTTjBqc5IaDUEascRmNDS0QdlBDhrJQtcoUoOyXJ0wL04yx0UOsHYxrkz9rwUjZMkS8ZZihw3ijAO%252FGxo38j3476rD0fQnezhTZdOdA5Jriz3AX2cyhz6FQr%252BkRyCFPV0E5ecwZEVAUpsBrioMiZ3GIWeHRzSTTdoSPhERnkLF1jhUi9SE35gGnyF7Hm%252BPUTe2a8qgaQQiIHzmSqFRrTYhnA5YkOJmXKkhuCXk4h%252BzDaH4gH0HdySFBMONQhXp%252BoIlex5XIWoUqMK6AGMzNjuwxgqtXMAoE%252FLkyBiv4fQLINjxknGXjXJT8sPD0MOGTr%252BM7GByOMk1bmclA34H1rFfEI4PpAPdEzGjhfbwErHNkDuPjt7z%252B7es6ee0djxgWGHDshfDHSKgz44U3lCoqihbreqLRh9CoN14Oqsy8k5xANqlRH1eN4VZllgXlv%252BqsvhnEKDl7Qh4119jJtasbUl1c8TAm8gm3VWQxoBM5JhMelqYDOIDAdwfzhuSN5ubYdixLkcKNi3ILomQHVgBqkzkEh5uRchUb8plLFsOtsr0EDI%252FcDZo%252BhyZZfGlQR06y1p9IAVu%252F3pW58Hkhm8VKEjnGlzd72%252BvLvdfBlCAneKdyFRB%252FZroYtDYu8R8cuHzVAWetVegeAFErRqB0xUHV7ulEqdPJpvmvEjq9%252BuCV9FvR7u5K9OROx3u4OjD86GVuw%252FdyKm4p7y1BHDlCnPdaDkavJnBrDjflBV9X9HTGh2xclev95DCOMo6nvpK4QK1Yv%252BxFlmhjzRO2J127Ld%252BAQwtdMTwDz3eeyBqbBLOdi3gapTqZLTCkmfj9Qs3%252Bnto6r36xTz7djdk5ArTxdP%252FwIZIdzu%26pcode-icookie%3DQy72ZfHLUvxd7jMyh7O3T8XbvMiPVXMdNWLGcaq57St0BzV2%252FkexXVDOhTRyni%252BaQYF4h82%252B%252FsSsa0Np%252Fjg6ld036gU%253D%26duid%3DMTY5MDYwMzc5Mjk1Njc3NjA2OQ%253D%253D%26imp-id%3D1%26enable-flat-highlight%3D1%26comboblock-unencoded-vast%3D1%26test-tag%3D4947802324994%26ad-session-id%3D2632071690603792264%26target-id%3D14281342%26tga-with-creatives%3D1%26top-ancestor%3Dhttps%253A%252F%252F1275-ru.translate.goog%26top-ancestor-undetermined%3D0%26pcode-version%3D816137%26pcodever%3D816137%26flash-ver%3D0%26layout-config%3D%257B%2522win_width%2522%253A1600%252C%2522win_height%2522%253A1200%252C%2522pixel_ratio%2522%253A1%252C%2522bandwidth%2522%253A10%252C%2522supportHDRBrightness%2522%253Afalse%252C%2522isInIframe%2522%253Afalse%252C%2522w%2522%253A300%252C%2522h%2522%253A0%252C%2522width%2522%253A300%252C%2522height%2522%253A0%252C%2522visible%2522%253A1%252C%2522fullscreenHeaderHeight%2522%253A80%252C%2522left%2522%253A1050%252C%2522top%2522%253A205%252C%2522ad_no%2522%253A0%252C%2522req_no%2522%253A0%257D%26grab-orig-len%3D5120%26grab%3DeyJncmFiX3ZlcnNpb24iOjIsIm9sZF9ncmFiX3NpemUiOjEzMX0KEqQ2keO4ZUEE1u3DJv9sagTdN-Uv69KUk6X91kgSlvN3dze3qWWqaipmpl1XbGlp6CeS_iKM58uZJQ8j-F_pJeuyrVCvCrkMAu6m1FSXtJUgGT9TM3fAAYJ2cipSsMnApcqpkCHNUSCn1PIsRzZ1NY8OTUpBmSWxF2QJpAndV0hjFGLb7FM1dC03rJzSkIh0Q2JqLYc0OmftwOSogsNIwaeKA__QAuAFmHy4AkwBsAJcAV4uAEaAL4AmwOUjEOCizSFFI1MlUtRoZG3aqNGopiptqIH0eGjk5QmNpKkzF09Jg4jWblrXTZFqGmLavBtitYlViGjpnKSkIEOagU2V9zxO4zgXwPxwMAT4-UfEzD8UDAGeAIsP_1MB5qA4AvxDYPIR8uHlYFNRZmkah_lB4L9voP-2LcJ6l3grzYeTHwpn-VwO658ILgMiTf7LmOXyL8IpNccRAM0HgQ8qGydYeeUNjw_yJc_rt3c51i_i5nzQDrVgsPgg8eHuNVwB7D8irOP94DdjbW1WmssNq_ysHGYZNN_sC4CmlaNGIy8FGIZNkHfp1DSIaEWGpmZqk4ikU22Z3awplKq5ZoqJpU0BzvY5X7hpZ3EUpDwJy9AlU800dYrtqds5oShrktHsTG-ayBBrJpK9brcx9Uw3iWUqLWo0tomEt0Uz1XbpyQUhMkWZ1BQT5c9Pa-JfnnbTPyLic3uAbhN4Aujb6Su-jW7aVgrYl_-l5IOARj5LaDadbXOmyFom4mZjGF0RyUyxeH-FUinj56G_s_eBvigJyVaJ8X8NnW0KNVuQfCr531hg7LxUQ5RJmlh4fkIpT06Rl5r1ZOtC3VQJytGVLBJ3fiZZJELpe5zDlDJ-0Exi8VSFTySTMPmUEk69McmgQknFJCsA4Jp17MfkY48jJBdKGTeplENrU-8yWua6FzEMlVNcgl7mFIGSOBYBnuibnheWTFPMyqvK35qb_XHSHzKb0gLGe-QJcT2--HwFUwlEivhdXhVqmUg4pKYmy5mcWza1rDijTCgZ4mk-T3dDYkMnyEyj5-okzqZIrUBjdiLbMPQK3qfIvN8WiKarmXBWCLtJ75g6QZe1TlSliW_Z7ElQIYgmIqHCl0gnEKmGuEJo7e6pZp8OEaIddSWfAelkqeVY9-v657qEJppiHuwpAeTtMX41hWseqx1EqLgeaAL8kgEW3txYK_I84JoNWcJb9ty-6oo_0zcVD--Eda7C15RM4lbSvOnjQJKQcEtCS2dgpugqt1YNK3xZxO1ZLSgGcekc7YsFAL_pgXdrAnTV1JhVk1-58xaqpqShThzq1KO-no1WK14eqEdWIueLRKgBQE9WPfmt57HjYu7vpZT1fBD5IOR8UJbpvaI_es2-IvU27s3qHiqj4gmwP0pV0DDqzydYmAC6sk0As46MLcD-dkoqZCggpCLLqdHIRTXtCkiZIP9ivM0_MJ-hdIC1mcapYuRm1w3NsFS0OS0qxYko14lozzsnX709xSuGkoqcAhUVGLTKcgEg6uTYewXjAC8GmKTgIs0hoUD8CNfMcVNKqhJImyZrTc3BnWJi4To50utVrVjbs2A1iHcbJXLyTGaCfqN89bnFgvZZQOOEMrcl9HOyNXpkXKLmB0FNGawKK7Vb7rXsuEzBS8OrMzchT5YAkyZ_CCOo9cJSQp85wLBqzqqbYivJxV6hT46Q65IllFnnxb88OWlOgbjLXulWB4BVPDonRw5BDsmT_6LaOfIBeutqDkGtKMT5C44vgL6mEP3gRWYQNp1U1qTSrCq-aulu-rEVp8PPUTXN1H-C9Iq9nZ0itkxioV4TnkOCipIUYpqytvrgK4lXm8Mt-_BqcOHfU6sLrpvD_Cv8Ovab2rKwN7VNVqfH2slfLmZnxa0ZBLKhsHK8iBAAyBYf0DXH0GrAKdt2IIUHhkzjb6yWBHDCZuOeN-y2xgd0nRKnqmxMdk-o1PYtD6cIQFc6OZsDcfJWG8ZhrcPyw651Qlgb-_g0Gyy_vI9fDArPKtc4wM1rKzAfePAZW0w-nDV35RkGu3FaNwYBw4LHWw4J11LWOOYjLHZxR8Ha1TXvWDVgsaup3IV7tkbuc1hrhF2yA39jvoAhrKPCe1xe_AFcd8Auiflk1bu4YbdVgldVP1MEb0-rxtlqi7_j4SmeeXO1QDydgLm-hFN0MZurPPLwiq3BU0z2-gB8hba3nnJ-HL_mhirwW-cSqCXJtax7FpoSXXgsSn_Li6Aug1MrvuagpHido1QJWjHMSlxjlSEBSAAoAYBWwd-CWSsNLLuVrupug7S4K6fIfMD8Des1Bo2rrbfYyifsxxBOzSjCHDwqgASbioymBhvHIvJSWkzaC85l6-erPWuLeHmY5qx7odNsOUr5cVkLw4d7xX7LSaRP2ocoW4EAirS4dfVLTD7IVedR1i9KQ28PbdqG5Mx2qUG8vKDVDMFbg1wcdmOXY792pmvKjWPFKGzAnHkM3N69vl5d3H_3S6rSOQv-8z3XXKN5_mhPo5CIbhUL3fssZXMZOipN3hCLpL-tC7XTrqsMTT67aiIxVfM0gnk2Ek0u0pvV1C6zzCtKmlwiNKv4jq-pbUqVxvlwHy0gcxrHXy_FyOrlpU9pkL0ntLno0xMauv3dwzCIJFMnOtQUqsa3SGly2Qc8g2LHNRCbO3T_Z4XeIRH9d15StsTZQsnHMhRZQ_iCGESHFjUxEpGYJtcIPsW_CU2x1kUHWXrntxOb6jYqPFXz-sKm3-U6BzCsM8irv2HVzmDWjDJ1xdWcNX3MpgFtDl5ryN4BTU6F6DQ-mhxllxpC-2Bgkb7kUmGTmIiXKS-AUT15LThciLneAxwnsgq7EtRqnTGZmbyVaakEJH4xBTgX3lnWeeBzJ8FVwhC3dFttFJOOUFyGudFdxtiOr8evFSzqdM0s1rLtEFYmNij1RCkR9OrBuNV-FjPIcSlFI2OwYIzYdPrLJ26c6ubFM4tpzBWtC5s3Ya0v3m6Az2V-nL1TvRZuUbM5p0KrJGBsZm6W8RXelQnG9UR8er2voscwEs-ObguKGlbo8aBWw4id11DFrDT9qnDgKQxVtv6LKalrSl7hrbJjTF3PIeFRuiHOa_IR1FZxWRNTlEgxLNDqpSKIU6uBdClSvMNpRJODRwYGMqTIwaHJSSvVKIdQoRopkcVGPj3PrskMi0dT1aqf0aLzTEJSSNiZKYEMH0275aBrGUbRbIVPvQOOifxUgMdCATSk6F-Q3vIyuLDCXMJdusRGTATIS1KEkQgYVcAkW8iD2EmIDS4JsSxGf-fF0MgiZfWh0SxJ7-_LVFWkoZXLp7SZEpGhq9M29Ektbqq8Uhg0uSZ9STWSq1VDzh0bKnkCtOiyEEEZH4tYLmmadgnIvy-8goMCHkgOakAZD1NsN8TUIpkIAwfVkBDYRqcmIpZrepdvDJD0h2_T5VD7UyrUuxTKuVqaCuVcNbEN5VxVHQNXyTSl1LOp1KaYWjjlinaRT5Ep3wpaFvXURIihiqcYXa669NQS1RDLDOESW1ALNajcRIRIRD2IAdac0R1M2oY2OxG13eTkKCjJkJMihwApNQWYlOBTgYOSgpqcCgW4ECIHk4wCGbgoKKmQokAODikFGeBRUFJQIyNDDiYYCricDBklWCiQgr-EqnJSMMChpLv1TKczHoV2kz5zQp3a0oGIXWKhxBRPaoktNwinvODVauiW2uiqMZq-wCKhRt0NakRTTijKTHGXfox7onk24xRpcsI2MLivNsXaNG8hzk3CylFxJeIplTadAAM3QkJC6rlVNu25ISmSConPnpMjkRQCjL3ZK7F9pogycgiov6zK2o0hlJxelk9WykUNusboushsut7eiLh_q1jddJQFqzzlUoU0VWMyoBXH_gq8all2xZ0kM3adKPSGE8w5ksCbMz19PpyBM6w45M6eBNHwkmhE3W9-GFuR4ziR7QdzRFEPrJTz54VpbPU46d6Y1mxxT2YSOmkUdDt1o4D7F6Z-8Kte5F7QtePYif0eh9OPeuzPztkSxunw7B45iRX3kU5n-m7Ykx66PYrCFnP-nKSFfjysJE4iq9nN_bHAbjOwLdeyLO5fECfpiGw3sOyzXf04DcZsH8vzZk9n51jEoHuh78_E86w-px238eJGyQzCHrvWHNw_P0jSt_9iurZnpUnstDE-kzudHtuOy_1ze_DW4iiM3CCyI8_x0sgb9uxxb93vHvfPse14tBla8Wewo2YFid2TtPv2iFvqTc5fO7cRzj4s34l7PN1zTV7U5tnv0Of-jS1T669glLQ0Tjw7cno4wyiIvZl2jmLpYyZW2F0_iZ-0OIqiFy62YyeJ7MRtnOx12_Ks6aSJlyZtJs16mM82Yu85SCM_4f7Z0XMywpE01_I_kh_57nPvJE-slQ6XJbZ4bFr2wEqTHnieO5oXbe0T_4uab28FezpaHM3YmVbiepHthVGYOCN5pPaHqe3EzeJUKvUsZ6Q7TRxEQeo-sX78_ARt49pygmfasi07HH0OK3UcP3G6n6bBS_okcu5--wtkRyP1PSecowVONKwgeqS6UeJ4SdJnEowH1HenyfM7vBbE9800CcKAE0pJT8bww_YLkTVaMl0rtftwQrvZjn8PfaD6D1rLjRy7PZBn6EauNcJoxOm0Iva7znt8z-FjPvHa3TFt4Y--tySOkyc4mJ4dtOHa437xykeO671wVjQcm8MuDdvDcaR9Rult_RxOi0MvGYnjJr77OO5BlLj-nS58X6njRml81x1Jt6brOKHH7sEPdyt6Uu-4H9yK3mewBX5Xj4f4FtsKHqUjDN0RrhfOEQehbYd-HxEn3ILt37Ieuv7wm_XgcGLnrnIP-fA9CRIruYn1Urc7jufF_juN0h7F6U1zODj-8sK4XhiO6NUOhne3T7woSpMwir1DfH5vQSx3JlGQRLH1LttHcBPHmd3luOJW3X4Uzjb96YVJnFo38m3G_oMjijzPd7w3ZTmfecZB8sq7zU7D8TZv_jn23rmnuA_i1gIvsqKZes2JgtumoKX-bPatnNu8MA5eyqg9SsInr8V3-mgEdzLu3Tktb83MEzm84G50gx2M%26uniformat%3Dtrue%26callback%3DYa%255B4520103232128%255D

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3761958e87099b26e66641e386b45f6e4ed5ecda334079172984c116699d64b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 29 Jul 2023 04:09:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 7798bff124e075e04f12.js Show response
yastatic.net/partner-code-bundles/816137/ 7 KB
3 KB 329ms
222ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/816137/7798bff124e075e04f12.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

9cc3d06da338ba7c172c4507b66327de16b1baff9e45f7cdeea2184e49629610

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://1275-ru.translate.goog/
Origin: https://1275-ru.translate.goog
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 2087
last-modified: Fri, 28 Jul 2023 16:55:36 GMT
server: nginx/1.17.9
etag: "f08c23cc3b03a17d2292505f9573a524"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 28 Jul 2053 10:45:03 GMT

GET
H2 200 82e0094d3e13c3fe2631.js Show response
yastatic.net/partner-code-bundles/816137/ 627 KB
118 KB 205ms
204ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/816137/82e0094d3e13c3fe2631.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

067d2c121efad41c8c62573255569542350b4f9eb23ad9bce3d2cd276ddecd26

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://1275-ru.translate.goog/
Origin: https://1275-ru.translate.goog
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 120259
last-modified: Fri, 28 Jul 2023 16:55:36 GMT
server: nginx/1.17.9
etag: "c5e278a9b2560f9d4fc0fae95c529c7a"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Mon, 28 Jul 2053 10:45:03 GMT

POST
H3 200 t Show response
translate.googleapis.com/translate_a/ 812 B
512 B 168ms
124ms XHR
application/json 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_a/t?anno=3&client=wt_lib&format=html&v=1.0&key&logld=vTE_20230726&sl=ru&tl=en&tc=0&tk=507922.60030

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US._yudoeLt4Lw.O/d=1/rs=AN8SPfpl1Fyg_5y4j0o-171nnMOCorjeLA/m=el_conf

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ccf54cabfb101933dca9ceb9a7cb8152f7a8e2dd1e67fdb4ffb695066e973ffc

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport, script-src 'report-sample' 'nonce-t9ha8b3GOf4u39CD7_qvjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://1275-ru.translate.goog/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport, script-src 'report-sample' 'nonce-t9ha8b3GOf4u39CD7_qvjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 200 t Show response
translate.googleapis.com/translate_a/ 734 B
486 B 165ms
122ms XHR
application/json 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_a/t?anno=3&client=wt_lib&format=html&v=1.0&key&logld=vTE_20230726&sl=ru&tl=en&tc=0&tk=237827.297839

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US._yudoeLt4Lw.O/d=1/rs=AN8SPfpl1Fyg_5y4j0o-171nnMOCorjeLA/m=el_conf

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b24b086114e58289eb8d0cabc96348e4643fde858eedacaa16be65b5bbe0ba46

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Ho5wsiSsfEoN6W4IAaw4eQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://1275-ru.translate.goog/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
content-security-policy: script-src 'report-sample' 'nonce-Ho5wsiSsfEoN6W4IAaw4eQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 200 t Show response
translate.googleapis.com/translate_a/ 994 B
519 B 225ms
182ms XHR
application/json 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_a/t?anno=3&client=wt_lib&format=html&v=1.0&key&logld=vTE_20230726&sl=ru&tl=en&tc=0&tk=992628.528152

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US._yudoeLt4Lw.O/d=1/rs=AN8SPfpl1Fyg_5y4j0o-171nnMOCorjeLA/m=el_conf

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d0a8481390307e4c48f27eda55307b082f33605881d0c0b9a606e23e162bc6fd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-udTlJvz0p11xPAK5fGTAFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://1275-ru.translate.goog/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
content-security-policy: script-src 'report-sample' 'nonce-udTlJvz0p11xPAK5fGTAFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 200 t Show response
translate.googleapis.com/translate_a/ 555 B
421 B 223ms
181ms XHR
application/json 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_a/t?anno=3&client=wt_lib&format=html&v=1.0&key&logld=vTE_20230726&sl=ru&tl=en&tc=0&tk=392127.184787

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US._yudoeLt4Lw.O/d=1/rs=AN8SPfpl1Fyg_5y4j0o-171nnMOCorjeLA/m=el_conf

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e2e2e411f591372afec8d5e0ffe18219db9cfb3f19be988198f7e24ffe7ccb74

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Ezez1Anvk6C0DdBtSbWF1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://1275-ru.translate.goog/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
content-security-policy: script-src 'report-sample' 'nonce-Ezez1Anvk6C0DdBtSbWF1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 200 t Show response
translate.googleapis.com/translate_a/ 732 B
491 B 164ms
123ms XHR
application/json 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_a/t?anno=3&client=wt_lib&format=html&v=1.0&key&logld=vTE_20230726&sl=ru&tl=en&tc=0&tk=437393.100093

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US._yudoeLt4Lw.O/d=1/rs=AN8SPfpl1Fyg_5y4j0o-171nnMOCorjeLA/m=el_conf

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d5e98bbf7c6c7a40b5cf3a4ff4d1ae4c7f564db479b13d2b3aeeab32b079e74d

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport, script-src 'report-sample' 'nonce-gSD9uWWt47pBOGBEC9tENw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://1275-ru.translate.goog/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport, script-src 'report-sample' 'nonce-gSD9uWWt47pBOGBEC9tENw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 m=RqjULd Show response
www.gstatic.com/_/mss/boq-translate/_/js/k=boq-translate.TranslateWebserverWebsiteTranslationUi.en.AM8YT99JM8c.es5.O/ck=boq-translate.TranslateWebserverWebsiteTranslationUi.VP6eytFFYDo.L.B1.O/am=AG... Frame DF25 19 KB
7 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-translate/_/js/k=boq-translate.TranslateWebserverWebsiteTranslationUi.en.AM8YT99JM8c.es5.O/ck=boq-translate.TranslateWebserverWebsiteTranslationUi.VP6eytFFYDo.L.B1.O/am=AGDOAg/d=1/exm=A7fCU,BBI74,BVgquf,COQbmf,CXsKQe,DFTXbf,EEDORb,EFQ78c,GkRiKb,HwavCb,IZT63,J1hrIc,JH2zc,JNoxi,JWUKXe,JzDP5e,KG2eXe,KUM7Z,L1AAkb,L2d1X,LEikZe,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,P5Thrf,PHUIyb,PrPYRd,PxcVCe,QIhFr,QM0Gm,RAnnUd,RMhBfe,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VNcg1e,VwDzFe,W225x,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_r,_tp,aW3pY,aurFic,bTi8wc,byfTOb,cSdwA,e5qFLc,fKUV3e,gychg,hc6Ubd,i5H9N,i5dxUd,kWgXee,lsjVmc,lwddkf,m9oV,n73qwf,ovKuLd,pKzUve,pjICDe,pw70Gc,qNG0Fc,qRXAtf,rFVO7,s39S4,sJhETb,sMS7Ab,soHxf,t1sulf,tQKCld,thZ3rf,tsNC9c,uu7UOe,w9hDv,wg1P6b,ws9Tlc,xQtZb,xUdipf,xzbRj,yDVVkb,yRXbo,ywOR5c,zbML3c,zr1jrb/excm=_b,_r,_tp,iframenavigationview/ed=1/wt=2/ujg=1/rs=ANkVxDl3Vimk4bTQXG4eZgizY1ugtsuOZw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=RqjULd

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79a54539ecffa36e7ce14dbe15436a860b401839c8dc8b6ba5e42f35c07a2f72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://translate.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 23:38:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16290
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/translate-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6695
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 00:24:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/translate-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/translate-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/translate-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 27 Jul 2024 23:38:22 GMT

GET
H3 200 m=bm51tf Show response
www.gstatic.com/_/mss/boq-translate/_/js/k=boq-translate.TranslateWebserverWebsiteTranslationUi.en.AM8YT99JM8c.es5.O/ck=boq-translate.TranslateWebserverWebsiteTranslationUi.VP6eytFFYDo.L.B1.O/am=AG... Frame DF25 1 KB
706 B 22ms
21ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-translate/_/js/k=boq-translate.TranslateWebserverWebsiteTranslationUi.en.AM8YT99JM8c.es5.O/ck=boq-translate.TranslateWebserverWebsiteTranslationUi.VP6eytFFYDo.L.B1.O/am=AGDOAg/d=1/exm=A7fCU,BBI74,BVgquf,COQbmf,CXsKQe,DFTXbf,EEDORb,EFQ78c,GkRiKb,HwavCb,IZT63,J1hrIc,JH2zc,JNoxi,JWUKXe,JzDP5e,KG2eXe,KUM7Z,L1AAkb,L2d1X,LEikZe,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,P5Thrf,PHUIyb,PrPYRd,PxcVCe,QIhFr,QM0Gm,RAnnUd,RMhBfe,RqjULd,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VNcg1e,VwDzFe,W225x,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_r,_tp,aW3pY,aurFic,bTi8wc,byfTOb,cSdwA,e5qFLc,fKUV3e,gychg,hc6Ubd,i5H9N,i5dxUd,kWgXee,lsjVmc,lwddkf,m9oV,n73qwf,ovKuLd,pKzUve,pjICDe,pw70Gc,qNG0Fc,qRXAtf,rFVO7,s39S4,sJhETb,sMS7Ab,soHxf,t1sulf,tQKCld,thZ3rf,tsNC9c,uu7UOe,w9hDv,wg1P6b,ws9Tlc,xQtZb,xUdipf,xzbRj,yDVVkb,yRXbo,ywOR5c,zbML3c,zr1jrb/excm=_b,_r,_tp,iframenavigationview/ed=1/wt=2/ujg=1/rs=ANkVxDl3Vimk4bTQXG4eZgizY1ugtsuOZw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=bm51tf

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc47344771fb74894c39f04a42b55c5c9e2a2969cc81be92db351c4d55eac87d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://translate.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:58:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108683
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/translate-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 680
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 00:24:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/translate-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/translate-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/translate-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Jul 2024 21:58:29 GMT

GET
H2

200

sync_cookie_image_decide
mc.webvisor.org/
Redirect Chain

https://mc.webvisor.org/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=10078.VbfYAajpGEW5si4feg0InfjFtcF7SmZBcTiriHyvpU-xrT-tHEW6i-Yl7tvJyrvu.yKiEkC-cg_MIlIkDcul0WCpct0Q%2C
https://mc.webvisor.org/sync_cookie_image_decide?token=10078.CAnO-oBdkBXHjNwJ660sSEf40N42Sz7DMgBpPN38CT2lGATtwZq30HgiIl2mgiO7_L8F55wgtnW3LY95mndm8nA7ESyISRuuxrEwZMXlDld9pd4zP2Flk4KNZZx0t5TjXqPE46Rt...

43 B
507 B

77ms
76ms

Image
image/gif

154.47.36.132
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.webvisor.org/sync_cookie_image_decide?token=10078.CAnO-oBdkBXHjNwJ660sSEf40N42Sz7DMgBpPN38CT2lGATtwZq30HgiIl2mgiO7_L8F55wgtnW3LY95mndm8nA7ESyISRuuxrEwZMXlDld9pd4zP2Flk4KNZZx0t5TjXqPE46RtIN0ORFAKYb_6deQf6go47rEYps1DNrS-tfT-_1KIVRLjXtzbwrEaEnBQtFPEu2iPxCw2fWhHUQof1MQWo6FEfFk1HyCgb7UmS7Q%2C.SYz8NibYr7yp20dL001WJagBJ2c%2C

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Server

154.47.36.132 , United States, ASN174 (COGENT-174, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.webvisor.org/sync_cookie_image_decide?token=10078.CAnO-oBdkBXHjNwJ660sSEf40N42Sz7DMgBpPN38CT2lGATtwZq30HgiIl2mgiO7_L8F55wgtnW3LY95mndm8nA7ESyISRuuxrEwZMXlDld9pd4zP2Flk4KNZZx0t5TjXqPE46RtIN0ORFAKYb_6deQf6go47rEYps1DNrS-tfT-_1KIVRLjXtzbwrEaEnBQtFPEu2iPxCw2fWhHUQof1MQWo6FEfFk1HyCgb7UmS7Q%2C.SYz8NibYr7yp20dL001WJagBJ2c%2C
date: Sat, 29 Jul 2023 04:09:52 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

POST
H2 200 1
mc.yandex.ru/watch/89548966/ 43 B
86 B 71ms
71ms Ping
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/89548966/1?page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&charset=utf-8&hittoken=1690603792_3428f6dab4688051bbefe291f79e46b500fb8e57600ec7af273fdfe68dc8072c&browser-info=pa%3A1%3Aar%3A1%3Avf%3A7h8dgiykw9ep6hmqxf1cue7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1082%3Acn%3A1%3Adp%3A1%3Als%3A36690006041%3Ahid%3A536417786%3Az%3A0%3Ai%3A20230729040952%3Aet%3A1690603792%3Ac%3A1%3Arn%3A765780987%3Arqn%3A2%3Au%3A1690603792956776069%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C396%2C6%2C%2C%2C%2C1266%3Aco%3A0%3Acpf%3A1%3Ans%3A1690603790594%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1690603792&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(2)lt(23800)aw(1)ti(0)&force-urlencoded=1&site-info=%7B%22__ym%22%3A%7B%22adSessionID%22%3A%222632071690603792264%22%7D%7D

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 29 Jul 2023 04:09:52 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 29-Jul-2023 04:09:52 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://1275-ru.translate.goog
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 29-Jul-2023 04:09:52 GMT

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-translate/_/js/k=boq-translate.TranslateWebserverWebsiteTranslationUi.en.AM8YT99JM8c.es5.O/ck=boq-translate.TranslateWebserverWebsiteTranslationUi.VP6eytFFYDo.L.B1.O/am=AG... Frame DF25 4 KB
2 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-translate/_/js/k=boq-translate.TranslateWebserverWebsiteTranslationUi.en.AM8YT99JM8c.es5.O/ck=boq-translate.TranslateWebserverWebsiteTranslationUi.VP6eytFFYDo.L.B1.O/am=AGDOAg/d=1/exm=A7fCU,BBI74,BVgquf,COQbmf,CXsKQe,DFTXbf,EEDORb,EFQ78c,GkRiKb,HwavCb,IZT63,J1hrIc,JH2zc,JNoxi,JWUKXe,JzDP5e,KG2eXe,KUM7Z,L1AAkb,L2d1X,LEikZe,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,P5Thrf,PHUIyb,PrPYRd,PxcVCe,QIhFr,QM0Gm,RAnnUd,RMhBfe,RqjULd,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VNcg1e,VwDzFe,W225x,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_r,_tp,aW3pY,aurFic,bTi8wc,bm51tf,byfTOb,cSdwA,e5qFLc,fKUV3e,gychg,hc6Ubd,i5H9N,i5dxUd,kWgXee,lsjVmc,lwddkf,m9oV,n73qwf,ovKuLd,pKzUve,pjICDe,pw70Gc,qNG0Fc,qRXAtf,rFVO7,s39S4,sJhETb,sMS7Ab,soHxf,t1sulf,tQKCld,thZ3rf,tsNC9c,uu7UOe,w9hDv,wg1P6b,ws9Tlc,xQtZb,xUdipf,xzbRj,yDVVkb,yRXbo,ywOR5c,zbML3c,zr1jrb/excm=_b,_r,_tp,iframenavigationview/ed=1/wt=2/ujg=1/rs=ANkVxDl3Vimk4bTQXG4eZgizY1ugtsuOZw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1ad67a764cab19af664e29f02128ee59be1b9c138f768d3f15edcb81aa415c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://translate.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:58:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108683
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/translate-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1677
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 00:24:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/translate-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/translate-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/translate-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Jul 2024 21:58:29 GMT

GET
H3 204 gen204
translate.google.com/ 0
25 B 40ms
39ms Image
image/gif 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://translate.google.com/gen204?sl=ru&tl=en&textlen=420&ttt=468&ttl=195&sr=1&nca=te_time&client=wt_lib&logld=vTE_20230726

Requested by

Host: 1275-ru.translate.goog
URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-NoX_9rHJozRSix3SigkqTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
content-security-policy: script-src 'report-sample' 'nonce-NoX_9rHJozRSix3SigkqTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: image/gif; charset=us-ascii
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 200 t Show response
translate.googleapis.com/translate_a/ 972 B
497 B 156ms
156ms XHR
application/json 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_a/t?anno=3&client=wt_lib&format=html&v=1.0&key&logld=vTE_20230726&sl=ru&tl=en&tc=0&tk=106565.428585

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US._yudoeLt4Lw.O/d=1/rs=AN8SPfpl1Fyg_5y4j0o-171nnMOCorjeLA/m=el_conf

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a2612407c0e85d6b74c6bf032b458063e1e945ebbe756ab6780d7796288800a6

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport, script-src 'report-sample' 'nonce-NP3Q7ZwCjeYrCGab1c2NXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://1275-ru.translate.goog/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport, script-src 'report-sample' 'nonce-NP3Q7ZwCjeYrCGab1c2NXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1788970 Show response
mc.yandex.ru/watch/ 399 B
590 B 74ms
74ms Fetch
application/json 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/1788970?wmode=7&page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A7h8dgiykw9ep6hmqxf1cue7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1082%3Acn%3A3%3Adp%3A1%3Als%3A1306907738516%3Ahid%3A536417786%3Az%3A0%3Ai%3A20230729040952%3Aet%3A1690603793%3Ac%3A1%3Arn%3A495715465%3Au%3A1690603792956776069%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Aeu%3A1%3Ans%3A1690603790594%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1690603793%3At%3ATURLA%20APT%20IOCs%20-%20Part%203%20-%20SEC-1275-1&t=mc(p-1)clc(0-0-0)lt(23800)aw(1)ti(1)

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

dfb1c40ced15d76883c86ab060965339f1d24c1ad0a96c11797fc8f98d2d9216

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 29 Jul 2023 04:09:52 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Sat, 29-Jul-2023 04:09:52 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://1275-ru.translate.goog
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 399
x-xss-protection: 1; mode=block
expires: Sat, 29-Jul-2023 04:09:52 GMT

GET
H2 200 sync_cookie_image_check
mc.webvisor.org/ 43 B
67 B 80ms
80ms Image
image/gif 154.47.36.132
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.webvisor.org/sync_cookie_image_check

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

154.47.36.132 , United States, ASN174 (COGENT-174, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 29 Jul 2023 04:09:52 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

POST
H2 200 1
mc.yandex.ru/watch/1788970/ 43 B
74 B 76ms
75ms Ping
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/1788970/1?page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&charset=utf-8&cnt-class=1&hittoken=1690603792_65cca88a0b09a982d699e1acad0aa29dc779dd68642b3404339391ef668be1a5&browser-info=pa%3A1%3Aar%3A1%3Avf%3A7h8dgiykw9ep6hmqxf1cue7%3Afp%3A1180%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1082%3Acn%3A3%3Adp%3A1%3Als%3A1306907738516%3Ahid%3A536417786%3Az%3A0%3Ai%3A20230729040952%3Aet%3A1690603793%3Ac%3A1%3Arn%3A988727592%3Arqn%3A1%3Au%3A1690603792956776069%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A42%2C52%2C766%2C9%2C0%2C0%2C%2C396%2C6%2C2161%2C2161%2C1%2C1266%3Aco%3A0%3Acpf%3A1%3Aeu%3A1%3Ans%3A1690603790594%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1690603793&t=mc(p-2-h-1)clc(0-0-0)rqnt(1)lt(23800)aw(1)ti(0)&force-urlencoded=1&site-info=%7B%22__ym%22%3A%7B%22adSessionID%22%3A%222632071690603792264%22%7D%7D

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 29 Jul 2023 04:09:52 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 29-Jul-2023 04:09:52 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://1275-ru.translate.goog
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 29-Jul-2023 04:09:52 GMT

GET
H2 200 1788970
mc.yandex.ru/watch/ 43 B
0 68ms
68ms Fetch
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/1788970?page-url=https%3A%2F%2F1275-ru.translate.goog%2Fioc%2F2350%2Fturla-apt-iocs-part-3%2F%3F_x_tr_sl%3Dauto%26_x_tr_tl%3Den%26_x_tr_hl%3Den%26_x_tr_pto%3Dwapp&charset=utf-8&cnt-class=1&hittoken=1690603792_65cca88a0b09a982d699e1acad0aa29dc779dd68642b3404339391ef668be1a5&browser-info=pv%3A1%3Aar%3A1%3Avf%3A7h8dgiykw9ep6hmqxf1cue7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1082%3Acn%3A3%3Adp%3A1%3Als%3A1306907738516%3Ahid%3A536417786%3Az%3A0%3Ai%3A20230729040952%3Aet%3A1690603793%3Ac%3A1%3Arn%3A198819563%3Arqn%3A2%3Au%3A1690603792956776069%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Aeu%3A1%3Ans%3A1690603790594%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1690603793%3At%3ATURLA%20APT%20IOCs%20-%20Part%203%20-%20SEC-1275-1&t=mc(p-2-h-1)clc(0-0-0)rqnt(2)lt(23800)aw(1)ti(1)

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1275-ru.translate.goog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 29 Jul 2023 04:09:52 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 29-Jul-2023 04:09:52 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://1275-ru.translate.goog
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 29-Jul-2023 04:09:52 GMT

POST
H2 200 log Show response
play.google.com/ Frame DF25 131 B
583 B 84ms
32ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://translate.google.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Sat, 29 Jul 2023 04:09:53 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://translate.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 29 Jul 2023 04:09:53 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 1275.ru
URL: https://1275.ru/wp-content/themes/reboot/assets/fonts/wpshop-core.ttf

Domain: 1275.ru
URL: https://1275.ru/wp-content/uploads/2022/07/security.jpg

Domain: 1275.ru
URL: https://1275.ru/wp-content/themes/reboot/assets/fonts/wpshop-core.woff

Domain: 1275.ru
URL: https://1275.ru/

Domain: 1275.ru
URL: https://1275.ru/cdn-cgi/challenge-platform/h/b/cv/result/7ee2823c6afdd0b5

Verdicts & Comments Add Verdict or Comment

221 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.1275-ru.translate.goog/	1970-01-20 22:22:19	Name: _ym_uid Value: 1690603792956776069
.1275-ru.translate.goog/	1970-01-20 22:22:19	Name: _ym_d Value: 1690603792
.yandex.ru/	1970-01-20 22:22:19	Name: bh Value: KgI/MA==
mc.yandex.ru/	1969-12-31 23:59:59	Name: yabs-sid Value: 1682804371690603792
.yandex.ru/	1970-01-20 23:12:43	Name: i Value: 7hSDUfhIw69sbuGtSwpShwujGHc0+fTnikb3WEPzTrndGxx/4Nu7xCA7wE9vzGq5mmRtjuCkWS8RVR0h555K4HLlSSc=
.yandex.ru/	1970-01-20 23:12:43	Name: yandexuid Value: 1269047421690603792
.yandex.ru/	1970-01-20 22:22:19	Name: yuidss Value: 1269047421690603792
.1275-ru.translate.goog/	1970-01-20 13:37:55	Name: _ym_isad Value: 2
.mc.webvisor.org/	1970-01-20 13:36:44	Name: sync_cookie_csrf Value: 1060439320fake
.mc.yandex.ru/	1970-01-20 13:36:44	Name: sync_cookie_csrf Value: 1198882298fake
.webvisor.org/	1970-01-20 23:12:43	Name: yandexuid Value: 1269047421690603792
.webvisor.org/	1970-01-20 23:12:43	Name: yuidss Value: 1269047421690603792
.webvisor.org/	1970-01-20 23:12:43	Name: i Value: 7hSDUfhIw69sbuGtSwpShwujGHc0+fTnikb3WEPzTrndGxx/4Nu7xCA7wE9vzGq5mmRtjuCkWS8RVR0h555K4HLlSSc=
.mc.webvisor.org/	1970-01-20 13:38:10	Name: sync_cookie_ok Value: synced
.yandex.ru/	1970-01-20 22:22:19	Name: ymex Value: 1722139792.yrts.1690603792#1722139792.yrtsi.1690603792

14 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp Message: Access to font at 'https://1275.ru/wp-content/themes/reboot/assets/fonts/wpshop-core.ttf' from origin 'https://1275-ru.translate.goog' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://1275.ru/wp-content/themes/reboot/assets/fonts/wpshop-core.ttf Message: Failed to load resource: net::ERR_FAILED
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ch-ua-form-factor'.
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
javascript	error	URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp Message: Access to image at 'https://1275.ru/wp-content/uploads/2022/07/security.jpg' from origin 'https://1275-ru.translate.goog' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://1275.ru/wp-content/uploads/2022/07/security.jpg Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp Message: Access to font at 'https://1275.ru/wp-content/themes/reboot/assets/fonts/wpshop-core.woff' from origin 'https://1275-ru.translate.goog' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://1275.ru/wp-content/themes/reboot/assets/fonts/wpshop-core.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: about:blank Message: Access to XMLHttpRequest at 'https://1275.ru/cdn-cgi/challenge-platform/h/b/cv/result/7ee2823c6afdd0b5' from origin 'https://1275-ru.translate.goog' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://1275.ru/cdn-cgi/challenge-platform/h/b/cv/result/7ee2823c6afdd0b5 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp Message: Access to fetch at 'https://1275.ru/' from origin 'https://1275-ru.translate.goog' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://1275.ru/ Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://1275-ru.translate.goog/3cbab51d-6f44-4569-b131-140fd3802204/ajax?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp&u=https%3A%2F%2Fyandex.ru%2Fads%2Fmeta%2F1788970%3Ftarget-ref%3Dhttps%253A%252F%252F1275-ru.translate.goog%252Fioc%252F2350%252Fturla-apt-iocs-part-3%252F%253F_x_tr_sl%253Dauto%2526_x_tr_tl%253Den%2526_x_tr_hl%253Den%2526_x_tr_pto%253Dwapp%26charset%3Dutf-8%26pcode-test-ids%3D801255%252C0%252C73%253B810908%252C0%252C91%253B810507%252C0%252C19%253B807808%252C0%252C96%253B812562%252C0%252C62%253B809335%252C0%252C79%253B806799%252C0%252C76%253B805303%252C0%252C34%253B808035%252C0%252C63%253B801974%252C0%252C82%253B798890%252C0%252C10%253B810139%252C0%252C19%253B810143%252C0%252C49%253B815274%252C0%252C33%253B815193%252C0%252C69%253B681843%252C0%252C13%26pcode-flags-map%3DeJy1WFlz2zYQ%252Fi96jlLeh99AEqRQ8SoASlYyHoxqq646st1xnDRxxv%252B9C4C2RFmFlKN%252BoElQ%252B3Gx57f4OpohJtikmQuUiRIluBR5QwWpRYLqGtPR2fuvo0%252FLzcfV6GzEaYdHb0YPqw8P5Aqeg8B1vXD0dPFmC9PSJutSzkRTixZ1DBsRQjv2XI2Aa5SUWOC0qbYgJWFcKjMjGW7kDbxNGoFoNYBdff57D9V3fYWaEaZg06aruaA4IxSnEhK1rVkzx%252FI852VvsBFRdSUntClLQKu5vMFUzBFPJzgTnFRYNHnOMDfjuo4V7tmMEw4qojoTSZMtpCdaRFGFOeBnOEfw3QFmjko2BPVCL9iCUszpQjqgxnze0KnAlDZmV4Z%252B4IXxC0LvDJYiuJZkCrcdneEFIM5BJUaK2gwXWKEbvoL7EYyyqQuRl6iQNuvKTIAHy4VgU9Jq489Q2R2JtjAIo%252BAFEfyWTiHoF03HBSsbuJB3GHzQ1RmiBLMjYJHt2UP18HmrVYQATjFjBNbgJRfnVWkGi1zbC08HE8kCjJoJtoB0%252BPnQKMtERfR6WjYM4juhKJ0eM8l37SJtMiw6Wp6MLb0tXdZSrLJxm5e6TPTvB3C2BX8DvNiNQ%252BsIXtLlOeQgrlq%252BgDSoyD7oNyPOWkSyn69h3sH996LWslT%252FZE3%252FA%252FOH%252FHMY8%252F%252BzwPd6X8Z%252BQVEiSlwXfDIQgq4S7YpFVmSF3rYdcFUoZ5gy0gzLY2RbvucNZG3HC6L9IstlooKlWYdK3V5kQ8fn0ExqWMmYue8BaGB53w6qFhjKschl6zr%252BDZ3LC%252Bh6%252BFzQTmRNhUhtauu%252BFTpucFBMQJ%252FnlCRGcce2Aq8Xl5JaRKByjhbMKAkcJdalvlXVCvo%252FwzU3y%252FiOZQ04SM89UkaNgrEdRlpNFYqah4muJjmBOkxqsHmOUmzGiJyeZMhmS3FOMZtAQS5IapIL7MjtTQRbzAmtZImm0GlkhoGDIUkSkhkhwMqOPdg3cCeKCrBX33FlqrKUYlwLtheNr%252FSJba%252FXB0FGNnWvC8olNyIq1GBbKMNmpcIoDjS7kUQuh%252BZeZ0AetDyEzz4bNMsnU8UUmDLJkJqaUWKvD3uJUmIgeoBgpLJBEHmBNueO2QoKpRko1JQ3Zr2jwLPdXfspJijmEwDZwauB%252ByiHFx2Vvb6TVDnFZGY2a2hbXqh5NqVCRxrvaN27Jy0JeJtPaNMVE3NztwFJ27dE7xbKo0Kl2q7Y19Efq4fLP6vl%252FfX6dnRm%252B9ab0c3d7%252BvNil0uN%252Bvb69GZ8zRA9SENFCqrEOXitw53WDGSpJT1TE4Xux94P7pZrjdv7z%252BCbl%252BWt1erz3D%252Fy%252Fpmeb36MFi6Xt6olavH1a3%252B%252BfLT%252BuFO39683Xm4ul33qxL5BQEW7pePm7vHP%252FvXj%252Ff6%252F8f75dvb1T8fXv3gr%252BXdzVqJXhzeYo04%252BEtUmBbymhEkOCqMdQ1mEacPLpUWGHxPMUo59J4jgr5r6eEI5p3nGQWmFvh03VUJNla40LfdvlWqCVFNYyAJTTjBqc5IaDUEascRmNDS0QdlBDhrJQtcoUoOyXJ0wL04yx0UOsHYxrkz9rwUjZMkS8ZZihw3ijAO%252FGxo38j3476rD0fQnezhTZdOdA5Jriz3AX2cyhz6FQr%252BkRyCFPV0E5ecwZEVAUpsBrioMiZ3GIWeHRzSTTdoSPhERnkLF1jhUi9SE35gGnyF7Hm%252BPUTe2a8qgaQQiIHzmSqFRrTYhnA5YkOJmXKkhuCXk4h%252BzDaH4gH0HdySFBMONQhXp%252BoIlex5XIWoUqMK6AGMzNjuwxgqtXMAoE%252FLkyBiv4fQLINjxknGXjXJT8sPD0MOGTr%252BM7GByOMk1bmclA34H1rFfEI4PpAPdEzGjhfbwErHNkDuPjt7z%252B7es6ee0djxgWGHDshfDHSKgz44U3lCoqihbreqLRh9CoN14Oqsy8k5xANqlRH1eN4VZllgXlv%252BqsvhnEKDl7Qh4119jJtasbUl1c8TAm8gm3VWQxoBM5JhMelqYDOIDAdwfzhuSN5ubYdixLkcKNi3ILomQHVgBqkzkEh5uRchUb8plLFsOtsr0EDI%252FcDZo%252BhyZZfGlQR06y1p9IAVu%252F3pW58Hkhm8VKEjnGlzd72%252BvLvdfBlCAneKdyFRB%252FZroYtDYu8R8cuHzVAWetVegeAFErRqB0xUHV7ulEqdPJpvmvEjq9%252BuCV9FvR7u5K9OROx3u4OjD86GVuw%252FdyKm4p7y1BHDlCnPdaDkavJnBrDjflBV9X9HTGh2xclev95DCOMo6nvpK4QK1Yv%252BxFlmhjzRO2J127Ld%252BAQwtdMTwDz3eeyBqbBLOdi3gapTqZLTCkmfj9Qs3%252Bnto6r36xTz7djdk5ArTxdP%252FwIZIdzu%26pcode-icookie%3DQy72ZfHLUvxd7jMyh7O3T8XbvMiPVXMdNWLGcaq57St0BzV2%252FkexXVDOhTRyni%252BaQYF4h82%252B%252FsSsa0Np%252Fjg6ld036gU%253D%26duid%3DMTY5MDYwMzc5Mjk1Njc3NjA2OQ%253D%253D%26imp-id%3D1%26enable-flat-highlight%3D1%26comboblock-unencoded-vast%3D1%26test-tag%3D4947802324994%26ad-session-id%3D2632071690603792264%26target-id%3D14281342%26tga-with-creatives%3D1%26top-ancestor%3Dhttps%253A%252F%252F1275-ru.translate.goog%26top-ancestor-undetermined%3D0%26pcode-version%3D816137%26pcodever%3D816137%26flash-ver%3D0%26layout-config%3D%257B%2522win_width%2522%253A1600%252C%2522win_height%2522%253A1200%252C%2522pixel_ratio%2522%253A1%252C%2522bandwidth%2522%253A10%252C%2522supportHDRBrightness%2522%253Afalse%252C%2522isInIframe%2522%253Afalse%252C%2522w%2522%253A300%252C%2522h%2522%253A0%252C%2522width%2522%253A300%252C%2522height%2522%253A0%252C%2522visible%2522%253A1%252C%2522fullscreenHeaderHeight%2522%253A80%252C%2522left%2522%253A1050%252C%2522top%2522%253A205%252C%2522ad_no%2522%253A0%252C%2522req_no%2522%253A0%257D%26grab-orig-len%3D5120%26grab%3DeyJncmFiX3ZlcnNpb24iOjIsIm9sZF9ncmFiX3NpemUiOjEzMX0KEqQ2keO4ZUEE1u3DJv9sagTdN-Uv69KUk6X91kgSlvN3dze3qWWqaipmpl1XbGlp6CeS_iKM58uZJQ8j-F_pJeuyrVCvCrkMAu6m1FSXtJUgGT9TM3fAAYJ2cipSsMnApcqpkCHNUSCn1PIsRzZ1NY8OTUpBmSWxF2QJpAndV0hjFGLb7FM1dC03rJzSkIh0Q2JqLYc0OmftwOSogsNIwaeKA__QAuAFmHy4AkwBsAJcAV4uAEaAL4AmwOUjEOCizSFFI1MlUtRoZG3aqNGopiptqIH0eGjk5QmNpKkzF09Jg4jWblrXTZFqGmLavBtitYlViGjpnKSkIEOagU2V9zxO4zgXwPxwMAT4-UfEzD8UDAGeAIsP_1MB5qA4AvxDYPIR8uHlYFNRZmkah_lB4L9voP-2LcJ6l3grzYeTHwpn-VwO658ILgMiTf7LmOXyL8IpNccRAM0HgQ8qGydYeeUNjw_yJc_rt3c51i_i5nzQDrVgsPgg8eHuNVwB7D8irOP94DdjbW1WmssNq_ysHGYZNN_sC4CmlaNGIy8FGIZNkHfp1DSIaEWGpmZqk4ikU22Z3awplKq5ZoqJpU0BzvY5X7hpZ3EUpDwJy9AlU800dYrtqds5oShrktHsTG-ayBBrJpK9brcx9Uw3iWUqLWo0tomEt0Uz1XbpyQUhMkWZ1BQT5c9Pa-JfnnbTPyLic3uAbhN4Aujb6Su-jW7aVgrYl_-l5IOARj5LaDadbXOmyFom4mZjGF0RyUyxeH-FUinj56G_s_eBvigJyVaJ8X8NnW0KNVuQfCr531hg7LxUQ5RJmlh4fkIpT06Rl5r1ZOtC3VQJytGVLBJ3fiZZJELpe5zDlDJ-0Exi8VSFTySTMPmUEk69McmgQknFJCsA4Jp17MfkY48jJBdKGTeplENrU-8yWua6FzEMlVNcgl7mFIGSOBYBnuibnheWTFPMyqvK35qb_XHSHzKb0gLGe-QJcT2--HwFUwlEivhdXhVqmUg4pKYmy5mcWza1rDijTCgZ4mk-T3dDYkMnyEyj5-okzqZIrUBjdiLbMPQK3qfIvN8WiKarmXBWCLtJ75g6QZe1TlSliW_Z7ElQIYgmIqHCl0gnEKmGuEJo7e6pZp8OEaIddSWfAelkqeVY9-v657qEJppiHuwpAeTtMX41hWseqx1EqLgeaAL8kgEW3txYK_I84JoNWcJb9ty-6oo_0zcVD--Eda7C15RM4lbSvOnjQJKQcEtCS2dgpugqt1YNK3xZxO1ZLSgGcekc7YsFAL_pgXdrAnTV1JhVk1-58xaqpqShThzq1KO-no1WK14eqEdWIueLRKgBQE9WPfmt57HjYu7vpZT1fBD5IOR8UJbpvaI_es2-IvU27s3qHiqj4gmwP0pV0DDqzydYmAC6sk0As46MLcD-dkoqZCggpCLLqdHIRTXtCkiZIP9ivM0_MJ-hdIC1mcapYuRm1w3NsFS0OS0qxYko14lozzsnX709xSuGkoqcAhUVGLTKcgEg6uTYewXjAC8GmKTgIs0hoUD8CNfMcVNKqhJImyZrTc3BnWJi4To50utVrVjbs2A1iHcbJXLyTGaCfqN89bnFgvZZQOOEMrcl9HOyNXpkXKLmB0FNGawKK7Vb7rXsuEzBS8OrMzchT5YAkyZ_CCOo9cJSQp85wLBqzqqbYivJxV6hT46Q65IllFnnxb88OWlOgbjLXulWB4BVPDonRw5BDsmT_6LaOfIBeutqDkGtKMT5C44vgL6mEP3gRWYQNp1U1qTSrCq-aulu-rEVp8PPUTXN1H-C9Iq9nZ0itkxioV4TnkOCipIUYpqytvrgK4lXm8Mt-_BqcOHfU6sLrpvD_Cv8Ovab2rKwN7VNVqfH2slfLmZnxa0ZBLKhsHK8iBAAyBYf0DXH0GrAKdt2IIUHhkzjb6yWBHDCZuOeN-y2xgd0nRKnqmxMdk-o1PYtD6cIQFc6OZsDcfJWG8ZhrcPyw651Qlgb-_g0Gyy_vI9fDArPKtc4wM1rKzAfePAZW0w-nDV35RkGu3FaNwYBw4LHWw4J11LWOOYjLHZxR8Ha1TXvWDVgsaup3IV7tkbuc1hrhF2yA39jvoAhrKPCe1xe_AFcd8Auiflk1bu4YbdVgldVP1MEb0-rxtlqi7_j4SmeeXO1QDydgLm-hFN0MZurPPLwiq3BU0z2-gB8hba3nnJ-HL_mhirwW-cSqCXJtax7FpoSXXgsSn_Li6Aug1MrvuagpHido1QJWjHMSlxjlSEBSAAoAYBWwd-CWSsNLLuVrupug7S4K6fIfMD8Des1Bo2rrbfYyifsxxBOzSjCHDwqgASbioymBhvHIvJSWkzaC85l6-erPWuLeHmY5qx7odNsOUr5cVkLw4d7xX7LSaRP2ocoW4EAirS4dfVLTD7IVedR1i9KQ28PbdqG5Mx2qUG8vKDVDMFbg1wcdmOXY792pmvKjWPFKGzAnHkM3N69vl5d3H_3S6rSOQv-8z3XXKN5_mhPo5CIbhUL3fssZXMZOipN3hCLpL-tC7XTrqsMTT67aiIxVfM0gnk2Ek0u0pvV1C6zzCtKmlwiNKv4jq-pbUqVxvlwHy0gcxrHXy_FyOrlpU9pkL0ntLno0xMauv3dwzCIJFMnOtQUqsa3SGly2Qc8g2LHNRCbO3T_Z4XeIRH9d15StsTZQsnHMhRZQ_iCGESHFjUxEpGYJtcIPsW_CU2x1kUHWXrntxOb6jYqPFXz-sKm3-U6BzCsM8irv2HVzmDWjDJ1xdWcNX3MpgFtDl5ryN4BTU6F6DQ-mhxllxpC-2Bgkb7kUmGTmIiXKS-AUT15LThciLneAxwnsgq7EtRqnTGZmbyVaakEJH4xBTgX3lnWeeBzJ8FVwhC3dFttFJOOUFyGudFdxtiOr8evFSzqdM0s1rLtEFYmNij1RCkR9OrBuNV-FjPIcSlFI2OwYIzYdPrLJ26c6ubFM4tpzBWtC5s3Ya0v3m6Az2V-nL1TvRZuUbM5p0KrJGBsZm6W8RXelQnG9UR8er2voscwEs-ObguKGlbo8aBWw4id11DFrDT9qnDgKQxVtv6LKalrSl7hrbJjTF3PIeFRuiHOa_IR1FZxWRNTlEgxLNDqpSKIU6uBdClSvMNpRJODRwYGMqTIwaHJSSvVKIdQoRopkcVGPj3PrskMi0dT1aqf0aLzTEJSSNiZKYEMH0275aBrGUbRbIVPvQOOifxUgMdCATSk6F-Q3vIyuLDCXMJdusRGTATIS1KEkQgYVcAkW8iD2EmIDS4JsSxGf-fF0MgiZfWh0SxJ7-_LVFWkoZXLp7SZEpGhq9M29Ektbqq8Uhg0uSZ9STWSq1VDzh0bKnkCtOiyEEEZH4tYLmmadgnIvy-8goMCHkgOakAZD1NsN8TUIpkIAwfVkBDYRqcmIpZrepdvDJD0h2_T5VD7UyrUuxTKuVqaCuVcNbEN5VxVHQNXyTSl1LOp1KaYWjjlinaRT5Ep3wpaFvXURIihiqcYXa669NQS1RDLDOESW1ALNajcRIRIRD2IAdac0R1M2oY2OxG13eTkKCjJkJMihwApNQWYlOBTgYOSgpqcCgW4ECIHk4wCGbgoKKmQokAODikFGeBRUFJQIyNDDiYYCricDBklWCiQgr-EqnJSMMChpLv1TKczHoV2kz5zQp3a0oGIXWKhxBRPaoktNwinvODVauiW2uiqMZq-wCKhRt0NakRTTijKTHGXfox7onk24xRpcsI2MLivNsXaNG8hzk3CylFxJeIplTadAAM3QkJC6rlVNu25ISmSConPnpMjkRQCjL3ZK7F9pogycgiov6zK2o0hlJxelk9WykUNusboushsut7eiLh_q1jddJQFqzzlUoU0VWMyoBXH_gq8all2xZ0kM3adKPSGE8w5ksCbMz19PpyBM6w45M6eBNHwkmhE3W9-GFuR4ziR7QdzRFEPrJTz54VpbPU46d6Y1mxxT2YSOmkUdDt1o4D7F6Z-8Kte5F7QtePYif0eh9OPeuzPztkSxunw7B45iRX3kU5n-m7Ykx66PYrCFnP-nKSFfjysJE4iq9nN_bHAbjOwLdeyLO5fECfpiGw3sOyzXf04DcZsH8vzZk9n51jEoHuh78_E86w-px238eJGyQzCHrvWHNw_P0jSt_9iurZnpUnstDE-kzudHtuOy_1ze_DW4iiM3CCyI8_x0sgb9uxxb93vHvfPse14tBla8Wewo2YFid2TtPv2iFvqTc5fO7cRzj4s34l7PN1zTV7U5tnv0Of-jS1T669glLQ0Tjw7cno4wyiIvZl2jmLpYyZW2F0_iZ-0OIqiFy62YyeJ7MRtnOx12_Ks6aSJlyZtJs16mM82Yu85SCM_4f7Z0XMywpE01_I_kh_57nPvJE-slQ6XJbZ4bFr2wEqTHnieO5oXbe0T_4uab28FezpaHM3YmVbiepHthVGYOCN5pPaHqe3EzeJUKvUsZ6Q7TRxEQeo-sX78_ARt49pygmfasi07HH0OK3UcP3G6n6bBS_okcu5--wtkRyP1PSecowVONKwgeqS6UeJ4SdJnEowH1HenyfM7vBbE9800CcKAE0pJT8bww_YLkTVaMl0rtftwQrvZjn8PfaD6D1rLjRy7PZBn6EauNcJoxOm0Iva7znt8z-FjPvHa3TFt4Y--tySOkyc4mJ4dtOHa437xykeO671wVjQcm8MuDdvDcaR9Rult_RxOi0MvGYnjJr77OO5BlLj-nS58X6njRml81x1Jt6brOKHH7sEPdyt6Uu-4H9yK3mewBX5Xj4f4FtsKHqUjDN0RrhfOEQehbYd-HxEn3ILt37Ieuv7wm_XgcGLnrnIP-fA9CRIruYn1Urc7jufF_juN0h7F6U1zODj-8sK4XhiO6NUOhne3T7woSpMwir1DfH5vQSx3JlGQRLH1LttHcBPHmd3luOJW3X4Uzjb96YVJnFo38m3G_oMjijzPd7w3ZTmfecZB8sq7zU7D8TZv_jn23rmnuA_i1gIvsqKZes2JgtumoKX-bPatnNu8MA5eyqg9SsInr8V3-mgEdzLu3Tktb83MEzm84G50gx2M%26uniformat%3Dtrue%26callback%3DYa%255B4520103232128%255D Message: Failed to load resource: the server responded with a status of 400 ()
javascript	warning	URL: https://1275-ru.translate.goog/ioc/2350/turla-apt-iocs-part-3/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp Message: The resource https://1275.ru/wp-content/uploads/2022/07/security.jpg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors *.translate.goog
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1275-ru.translate.goog
1275.ru
cdn.jsdelivr.net
fonts.gstatic.com
mc.webvisor.org
mc.yandex.ru
play.google.com
translate.google.com
translate.googleapis.com
www.gstatic.com
yandex.ru
yastatic.net
1275.ru
154.47.36.132
2606:4700:3030::6815:5ed7
2606:4700::6810:5514
2a00:1450:4001:80b::200a
2a00:1450:4001:81c::2001
2a00:1450:4001:81c::2003
2a00:1450:4001:827::200e
2a00:1450:4001:829::2003
2a00:1450:4001:82b::200e
2a02:6b8:20::215
2a02:6b8::1:119
2a02:6b8:a::a
021af27a4f745b72a92577aa2880ca09c454f512d9d20dd024dd48cb1d4da139
033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9
067d2c121efad41c8c62573255569542350b4f9eb23ad9bce3d2cd276ddecd26
12809f96f3fe3beb9ce7d2a3ce85676112c667e3ff064515ed3d38d438d982b6
158469665f416130938621681aed58dcbb25242101ec7cf113dc5b0e8105767d
17df1f2891553baf6c74c4eef8cd0dd9fb73a5669f9f89d67183a8bfe41acfd2
1fa1507969e6321247e5468e5d3d4731f6544ffaab057d69294cdeb7f48909bd
255df06063ef8b4f994c1ae9d232d7c4f27c95b853a68fd9c03e31f4dd6b0031
25f294a11c214d57e0ac336ead0f2787baba6c8c798511b1e12ce5712ca1badf
2b0d88fec11d75fe27fb007fc6ddd8c4be153a064f1c18b63f0b02c03709587e
2db52a6c5fbbfccf1d82c4903a9192517ffb69cb78d8c5e88e46d9dc5914bc9e
2e0bdc192134bb3950a1ba4c1148901e39ebd8d2d01f64ef23106e90a9f771b0
2e1ad0f4cb99e351ea84539ef2611c14f5030f56d4f0be881b58da7624c3933e
34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55
3761958e87099b26e66641e386b45f6e4ed5ecda334079172984c116699d64b6
395ac78b9fce196f0c2c861789b3d87f9944651d5a80028fa3b1f9e6a1847f0d
401503518894f575673732c689a7885c78bb615900c0c3f726765eb4ce6aa799
4192547933c47032776c86cc04805a86655e4580d0c82b46787a120fcd96c146
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5bed995fce768f3658b9b0acc26c37ef001693da300f85c4b2018944df470cbf
6b5acb20b58ca9f25a996cd5f44fcbde42154bb94cd95666197a59d4b539f07d
6dbf806f766bc9560414c3d2faacb903de016fab141431a5bad1abf714046a79
6e9cca040634f071c068f7f483dfeef82d8589b4082c8cbdc5301951647ba71b
6f260bf3eacb674168155cfb377a8df06da619fd7cc6b62f406ace0113f81ecc
715a81462d5193905a7aa8d6979e5036c8397f6795705d2fb0fe7e7f9b493e71
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3
79a54539ecffa36e7ce14dbe15436a860b401839c8dc8b6ba5e42f35c07a2f72
7f80c4c91054b3d6c80721939242c2d4f68f15e41f251e12641f695d78eb2f35
8599d58b9f848bc8f202f4447ce611de3eae34625a8c5054d88808af8b8348dd
90099c81f619214205a91ac97536d4e7f94f0edb81aa4c889364c6843a2d81b9
99294fad3e114681d7504cad26b5d425bf7bb98c82bb4abce603e145ba2e3e17
99bf4aa403643a6d41c028e5db29c79c17cbc815b3e10cd5c6b8f90567a03e52
9cc3d06da338ba7c172c4507b66327de16b1baff9e45f7cdeea2184e49629610
9def3abc34599ed5dbd4347a22bf1e951909206306c848d351eb6ea116b8fda7
a2612407c0e85d6b74c6bf032b458063e1e945ebbe756ab6780d7796288800a6
a9501cc809fac65ba3bc7fdc1686f8cc6651018b290308eddd1e46454063bf5f
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09
b1ad67a764cab19af664e29f02128ee59be1b9c138f768d3f15edcb81aa415c1
b24b086114e58289eb8d0cabc96348e4643fde858eedacaa16be65b5bbe0ba46
b3f3db2e6ac9e2b19172879a80a8605f4db7a179745be21a0828e3c1e49510ee
ba6e7d46a68c9a19b23c43244149ab06f42612c0972cce7b2037bd4145281c92
bb0fe289e92a2eade6afe7babe92eb0cee939586979a53147dee55195c551b4f
bba2b250190b2e3431c2868ae74fd1b5a1f7c7d3f8d61705fc59d7b0af5fee66
bda6918b39e47201eb415c340eaf71525d7ccaa9edfd6a179fc5456f56b110c1
c6f19c1ec0c4602c3cfe5094148df986a8af472dd1b51f24320a6298c1981d43
ccf54cabfb101933dca9ceb9a7cb8152f7a8e2dd1e67fdb4ffb695066e973ffc
d0a8481390307e4c48f27eda55307b082f33605881d0c0b9a606e23e162bc6fd
d4db268822202dfdbfc2fe9dec09ace92874511cd16e22adb9ee276cbd383e53
d5aab9ecebd2bc2f003980fdde59b97aad0fd105312d99fa50fcab580099aaf3
d5e98bbf7c6c7a40b5cf3a4ff4d1ae4c7f564db479b13d2b3aeeab32b079e74d
dfb1c40ced15d76883c86ab060965339f1d24c1ad0a96c11797fc8f98d2d9216
e2e2e411f591372afec8d5e0ffe18219db9cfb3f19be988198f7e24ffe7ccb74
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
efa839a514bf0044d8f3b66e83ef3e3b60148adf00db060ff25ce6c8e03b8814
f1c19def8abe99d6e922755fc028d2cf35bf3419b020d7f955f1c202d2c7936c
fc47344771fb74894c39f04a42b55c5c9e2a2969cc81be92db351c4d55eac87d

1275-ru.translate.goog Open in urlscan Pro 2a00:1450:4001:81c::2001 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

63 Requests

86 %HTTPS

92 %IPv6

9 Domains

12 Subdomains

13 IPs

3 Countries

1663 kBTransfer

4421 kBSize

15 Cookies

2 Outgoing links

Redirected requests

63 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

1275-ru.translate.goog Open in urlscan Pro
2a00:1450:4001:81c::2001 Public Scan

Screenshot
Live screenshot

Full Image

63
Requests

86 %
HTTPS

92 %
IPv6

9
Domains

12
Subdomains

13
IPs

3
Countries

1663 kB
Transfer

4421 kB
Size

15
Cookies

63 HTTP transactions
9 data transactions